The SHA digest

The Secure Hash Algorithm (SHA) digest is relevant only when using GPFS in a multi-cluster environment.

The SHA digest is a short and convenient way to identify a key registered with either the mmauth show or mmremotecluster command. In theory, two keys may have the same SHA digest. In practice, this is extremely unlikely. The SHA digest can be used by the administrators of two GPFS clusters to determine if they each have received (and registered) the right key file from the other administrator.

For example, suppose two administrators, Admin1 and Admin2, have each registered the other's key file, but mount attempts by Admin1 for file systems owned by Admin2 fail with the error message: Authorization failed. To determine which administrator has registered the wrong key, they each run mmauth show and send the local cluster's SHA digest to the other administrator. Admin1 then runs the mmremotecluster command and verifies that the SHA digest for Admin2's cluster matches the SHA digest for the key that Admin1 has registered. Admin2 then runs the mmauth show command and verifies that the SHA digest for Admin1's cluster matches the key that Admin2 has authorized.

If Admin1 finds that the SHA digests do not match, Admin1 runs the mmremotecluster update command, passing the correct key file as input.

If Admin2 finds that the SHA digests do not match, Admin2 runs the mmauth update command, passing the correct key file as input.

This is an example of the output produced by the mmauth show all command:
Cluster name: fksdcm.pok.ibm.com
Cipher list: EXP1024-RC2-CBC-MD5
SHA digest: d5eb5241eda7d3ec345ece906bfcef0b6cd343bd
File system access: fs1 (rw, root allowed)


Cluster name: kremote.cluster
Cipher list: EXP1024-RC4-SHA
SHA digest: eb71a3aaa89c3979841b363fd6d0a36a2a460a8b
File system access: fs1 (rw, root allowed)

Cluster name: dkq.cluster (this cluster)
Cipher list: AUTHONLY
SHA digest: 090cd57a2e3b18ac163e5e9bd5f26ffabaa6aa25
File system access: (all rw)
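
The digest comparison described above can be scripted so that the full digest is compared rather than checked by eye. The following is an added example, not part of the GPFS documentation or tooling: the function names sample_listing, digest_for_cluster and check_digest are hypothetical, and the parser assumes the "Cluster name:" / "SHA digest:" line layout shown in the sample output above.

```shell
#!/bin/sh
# Added example. sample_listing reproduces the sample output shown on this page.
sample_listing() {
cat <<'EOF'
Cluster name: fksdcm.pok.ibm.com
Cipher list: EXP1024-RC2-CBC-MD5
SHA digest: d5eb5241eda7d3ec345ece906bfcef0b6cd343bd
File system access: fs1 (rw, root allowed)

Cluster name: kremote.cluster
Cipher list: EXP1024-RC4-SHA
SHA digest: eb71a3aaa89c3979841b363fd6d0a36a2a460a8b
File system access: fs1 (rw, root allowed)

Cluster name: dkq.cluster (this cluster)
Cipher list: AUTHONLY
SHA digest: 090cd57a2e3b18ac163e5e9bd5f26ffabaa6aa25
File system access: (all rw)
EOF
}

# Print the digest recorded for cluster $1 in the listing on stdin; exit 1 if absent.
digest_for_cluster() {
    awk -v want="$1" '
        /^Cluster name:/ {
            current = $0
            sub(/^Cluster name:[ \t]*/, "", current)
            sub(/[ \t]*\(this cluster\)[ \t]*$/, "", current)  # local-cluster marker
            sub(/[ \t]+$/, "", current)
        }
        /^SHA digest:/ && current == want {
            d = $0; sub(/^SHA digest:[ \t]*/, "", d); sub(/[ \t]+$/, "", d)
            print tolower(d); found = 1; exit
        }
        END { exit (found ? 0 : 1) }'
}

# $1 = cluster name, $2 = digest received from the other administrator.
# Returns 0 on match, 1 on mismatch (wrong key registered), 2 if no entry exists.
check_digest() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    registered=$(digest_for_cluster "$1") || { echo "$1: no entry found" >&2; return 2; }
    if [ "$registered" = "$expected" ]; then
        echo "$1: digest matches"
    else
        echo "$1: MISMATCH registered=$registered received=$expected" >&2
        return 1
    fi
}
sample_listing | check_digest kremote.cluster eb71a3aaa89c3979841b363fd6d0a36a2a460a8b
```

On a cluster node, the output of mmauth show all would be piped in place of sample_listing. A return code of 1 corresponds to the case where the key must be re-registered with mmremotecluster update or mmauth update, as described above.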