6.5. Password-based Authentication
Virtuozzo Storage uses password-based authentication to enhance security in clusters. Password authentication is mandatory, meaning that you have to pass the authentication phase before you can add a new server to the cluster.
Password-based authentication works as follows:
- You set the authentication password when you create the first MDS server in the cluster. The password you specify is encrypted and saved into the /etc/vstorage/clusters/stor1/auth_digest.key file on the server.
- You add new MDS servers, chunk servers, or clients to the cluster and use the vstorage auth-node command to authenticate them. During authentication, you use the password you set when creating the first MDS server.
- Virtuozzo Storage compares the provided password with the one stored on the first MDS server, and if the passwords match, successfully authenticates the server.
For each physical server, authentication is a one-time process. Once a server is authenticated in the cluster (for example, when you configure it as an MDS server), the /etc/vstorage/clusters/stor1/auth_digest.key file is created on the authenticated server. When you set up this server as another cluster component (e.g., as a chunk server), the cluster checks that the auth_digest.key file is present and does not require you to authenticate the server again.
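
Because the presence of auth_digest.key is what marks a server as already authenticated, it is worth auditing that file on each node. The following shell function is an added example, not part of the Virtuozzo Storage tooling: the name audit_auth_keys is hypothetical, and the expectation that the key file should be readable by its owner only is a hardening assumption that this page does not state.

```shell
# Added example (not a Virtuozzo tool): audit auth_digest.key on a node.
# Prints "<cluster> <status>" for every cluster directory and returns 1 if
# any key file needs attention.
# Usage: audit_auth_keys [clusters_dir]   (default: /etc/vstorage/clusters)
audit_auth_keys() (
    root="${1:-/etc/vstorage/clusters}"   # path prefix taken from this page
    rc=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue          # no cluster directories at all
        cluster=$(basename "$dir")
        key="${dir}auth_digest.key"
        if [ -L "$key" ]; then
            # A symlinked key file is unexpected; flag it for review.
            status="symlink"; rc=1
        elif [ ! -f "$key" ]; then
            # No key file: this node has not been authenticated to the cluster.
            status="not-authenticated"
        else
            # Characters 5-10 of the ls mode string are the group/other bits.
            # Assumption: the key should be accessible by its owner only.
            go_bits=$(ls -ld "$key" | cut -c5-10)
            if [ "$go_bits" = "------" ]; then
                status="ok"
            else
                status="exposed"; rc=1
            fi
        fi
        echo "$cluster $status"
    done
    exit "$rc"
)
```

A node reported as not-authenticated still has to go through vstorage auth-node before it can join that cluster.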