guanxun mu wrote: > IMO, there're lack security check in cman join/leave mechanism, that's > means a aborative udp packet made the cluster untrusted, if there's a > manageable authorization password input through proc entries, the wrong > configured node or the cracker without the cluster-extension authorized > word will not bother the cluster message passing. a simple memcmp > calling in the beginning of process_message will out sight of load. Don't run the cluster over an interface that's open to the internet. It's true that the security extras in cman are pretty much non-existant though, I grant you. -- patrick -- Linux-cluster@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/linux-cluster
