6.5. Password-based Authentication

Virtuozzo Storage uses password-based authentication to enhance security in clusters. Password authentication is mandatory, meaning that you have to pass the authentication phase before you can add a new server to the cluster.

Password-based authentication works as follows:

  1. You set the authentication password when you create the first MDS server in the cluster. The password you specify is encrypted and saved into the /etc/vstorage/clusters/stor1/auth_digest.key file on the server.
  2. You add new MDS servers, chunk servers, or clients to the cluster and use the vstorage auth-node command to authenticate them. During authentication, you use the password you set when creating the first MDS server.
  3. Virtuozzo Storage compares the provided password with the one stored on the first MDS server and, if the passwords match, authenticates the server.

For each physical server, authentication is a one-time process. Once a server is authenticated in the cluster (for example, when you configure it as an MDS server), the /etc/vstorage/clusters/stor1/auth_digest.key file is created on the authenticated server. When you set up this server as another cluster component (e.g., as a chunk server), the cluster checks that the auth_digest.key file is present and does not require you to authenticate the server again.
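
Because the presence of auth_digest.key is what marks a server as already authenticated, it is worth auditing that file on each node. The following check is an added example, not part of Virtuozzo Storage; the function name check_auth_digest, the optional root prefix, and the policy that any group or other permission bit counts as a finding are assumptions.

```shell
#!/bin/sh
# Added example: audit the auth_digest.key file that marks a node as
# authenticated in a Virtuozzo Storage cluster.
# Assumption: any group/other permission bit on the file is a finding;
# the page does not state which mode the product sets.

# check_auth_digest CLUSTER [ROOT]
#   ROOT is a hypothetical prefix for auditing a copied or mounted tree.
#   Prints one status word. Returns 0 = ok, 1 = not authenticated,
#   2 = file present but unsafe (or bad cluster name).
check_auth_digest() {
    cluster=$1
    root=${2:-}

    # The cluster name becomes a path component; refuse traversal.
    case $cluster in
        ''|.|..|*/*) echo "invalid-cluster-name"; return 2 ;;
    esac
    key="$root/etc/vstorage/clusters/$cluster/auth_digest.key"

    # A symlink could point the check at some other file.
    if [ -L "$key" ]; then echo "symlink"; return 2; fi
    if [ ! -e "$key" ]; then echo "not-authenticated"; return 1; fi
    if [ ! -f "$key" ]; then echo "not-regular-file"; return 2; fi
    if [ ! -s "$key" ]; then echo "empty"; return 2; fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld -- "$key" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "loose-permissions"; return 2
    fi

    echo "ok"; return 0
}

# Usage on a node of the cluster named stor1:
#   check_auth_digest stor1
```

A result of not-authenticated on a server that is already serving as a cluster component, or any of the unsafe results, is a reason to inspect the node before assigning it further roles.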