- Sun Cluster 3.0 12/01 Security with the Apache and iPlanet Web and Messaging Agents
- Assumptions and Limitations
- Solaris OE Service Restriction
- Sun Cluster 3.0 Daemons
- Terminal Server Usage
- Node Authentication
- Securing Sun Cluster 3.0 12/01 Software
- Verifying Node Hardening
- Maintaining a Secure System
- Solaris Security Toolkit Software Backout Capabilities
Sun Cluster 3.0 12/01 software provides several options for node authentication. Node authentication is how potential nodes must identify themselves before being allowed to join a cluster. Ensuring that all nodes are properly authenticated is a critical aspect of cluster security. This section discusses what options are available and provides recommendations on what level of node authentication should be used.
The available node authentication options in Sun Cluster 3.0 12/01 software are:
- none (i.e., any system is permitted to join the cluster)
- IP address
- Diffie-Hellman using DES
In addition, the scsetup command provides the following under option 6) New nodes:
*** New Nodes Menu *** Please select from one of the following options: 1) Prevent any new machines from being added to the cluster 2) Permit any machine to add itself to the cluster 3) Specify the name of a machine which may add itself 4) Use standard UNIX authentication 5) Use Diffie-Hellman authentication ?) Help q) Return to the Main Menu
At a minimum, the node authentication setup should require that new cluster nodes be added manually and not automatically. This would require selecting options 1 to restrict the ability of systems to add themselves and then using option 3 to specify the name of the new cluster node. These two options run scsetup with the following commands, which can also be run manually:
# scconf -a -T node=. # scconf -a -T node=phys-sps-1
The next consideration is how to validate that a node is who is says it is. There are two alternatives: standard UNIX or Diffie-Hellman authentication. The default is to use UNIX authentication. If a private interconnect is used to connect the nodes and the scconf command has been used to restrict new nodes from joining this is probably adequate. In environments where other systems may attempt to join into the cluster, or if the data on the cluster is particularly sensitive, then the use of Diffie-Hellman authentication is recommended.
Diffie-Hellman authentication uses Secure RPC to authenticate the nodes in the cluster. This requires that the public and private keys be setup properly on each of the nodes. The most effective means to do this is through NIS+ as it simplifies the management and maintenance of these key pairs. It is however possible to use Secure RPC without NIS+. For additional information on Secure RPC and Diffie-Hellman authentication refer to the keyserv(1M), publickey(4), and nis+(1) man pages.