How to Work With New Cluster Node Authentication (Sun Cluster System Administration Guide for Solaris OS)

Sun Cluster System Administration Guide for Solaris OS

How to Work With New Cluster Node Authentication

Sun Cluster enables you to determine if new nodes can add themselves to the cluster and with what type of authentication. You can permit any new node to join the cluster over the public network, deny new nodes from joining the cluster, or indicate a specific node that can join the cluster. New nodes can be authenticated by using either standard UNIX or Diffie-Hellman (DES) authentication. If you select DES authentication, you must also configure all necessary encryption keys before a node can join. See the keyserv(1M) and publickey(4) man pages for more information.

This procedure provides the long forms of the Sun Cluster commands. Most commands also have short forms. Except for the long and short forms of the command names, the commands are identical. For a list of the commands and their short forms, see Appendix A, Sun Cluster Object-Oriented Commands.

Become superuser on any node in the cluster.

Start the clsetup(1CL) utility.
# clsetup
The Main Menu is displayed.

To work with cluster authentication, type the number that corresponds to the option for new nodes.

The New Nodes menu is displayed.

Make your selection from the menu and follow the onscreen instructions.

Example 8–3 Preventing a New Machine From Being Added to the Cluster

The following example shows the claccess command generated from the clsetup utility that would prevent new machines from being added to the cluster.

# claccess deny -h hostname

Example 8–4 Permitting All New Machines to Be Added to the Cluster

The following example shows the claccess command generated from the clsetup utility that would enable all new machines to be added to the cluster.

# claccess allow-all

Example 8–5 Specifying a New Machine to Be Added to the Cluster

The following example shows the claccess command generated from the clsetup utility to enable a single new machine to be added to the cluster.

# claccess allow -h hostname

Example 8–6 Setting the Authentication to Standard UNIX

The following example shows the claccess command generated from the clsetup utility to reset to standard UNIX authentication for new nodes that are joining the cluster.

# claccess set -p protocol=sys

Example 8–7 Setting the Authentication to DES

The following example shows the claccess command generated from the clsetup utility to use DES authentication for new nodes that are joining the cluster.

# claccess set -p protocol=des

When using DES authentication, you must also configure all necessary encryption keys before a node can join the cluster. See the keyserv(1M) and publickey(4) man pages for more information.