Using multiple security levels for remote access
A cluster that owns a file system that other clusters are permitted to access can designate a different security level for each connecting cluster.
When multiple security levels are specified, each connection must use the security level of the connecting node unless that security level is AUTHONLY. In this case, the security level of the node that accepts the connection is used instead. This means that a connection must use AUTHONLY if both nodes exist in clusters that are required to use the AUTHONLY security method.
To specify a different security level for different clusters that request access to a specified cluster, use the mmauth -l cipherList command. Several examples follow to illustrate:
- In this example, cluster1 and cluster2 are on the same trusted network, and cluster3 is connected to both of them with an untrusted network. The system administrator chooses these security levels:
  - A cipherList of AUTHONLY for connections between cluster1 and cluster2
  - A cipherList of AES128-SHA for connections between cluster1 and cluster3
  - A cipherList of AES128-SHA for connections between cluster2 and cluster3
  The administrator of cluster1 issues these commands:
  mmauth add cluster2 -k keyFile -l AUTHONLY
  mmauth add cluster3 -k keyFile -l AES128-SHA
- In this example, cluster2 is accessing file systems that are owned by cluster1 by using a cipherList of AUTHONLY, but the administrator of cluster1 decides to require a more secure cipherList. The administrator of cluster1 issues this command:
  mmauth update cluster2 -l AES128-SHA
  Existing connections are upgraded from AUTHONLY to AES128-SHA.
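The rule for mixed security levels, applied to the three-cluster example above, can be modeled to audit which cipherList each connection ends up using. This is an added Python example, not IBM code: it assumes each cluster's table holds the cipherList that cluster assigned to each peer, and the cluster2 and cluster3 tables, the function names and the untrusted-link set are constructed for illustration.

```python
import copy

AUTHONLY = "AUTHONLY"

def effective_cipher(connecting_level, accepting_level):
    """The connecting node's level is used unless it is AUTHONLY;
    in that case the accepting node's level is used instead."""
    return accepting_level if connecting_level == AUTHONLY else connecting_level

def audit(levels, untrusted_links):
    """Return (connector, acceptor, cipher, flagged) for every directed pair.

    levels[a][b] is the cipherList cluster a assigned to cluster b (assumed
    model of the -l value). A row is flagged when an untrusted link ends up
    with AUTHONLY, which authenticates but does not encrypt.
    """
    rows = []
    for a in sorted(levels):
        for b in sorted(levels[a]):
            if a not in levels.get(b, {}):
                continue  # peer has no entry for this cluster; nothing to compare
            cipher = effective_cipher(levels[a][b], levels[b][a])
            flagged = cipher == AUTHONLY and frozenset((a, b)) in untrusted_links
            rows.append((a, b, cipher, flagged))
    return rows

def with_level(levels, owner, peer, cipher):
    """Copy of the tables with one entry changed, to test a what-if."""
    changed = copy.deepcopy(levels)
    changed[owner][peer] = cipher
    return changed

# Constructed tables: cluster1's entries match the commands in the first
# example; the cluster2 and cluster3 entries are assumed to mirror them.
LEVELS = {
    "cluster1": {"cluster2": "AUTHONLY", "cluster3": "AES128-SHA"},
    "cluster2": {"cluster1": "AUTHONLY", "cluster3": "AES128-SHA"},
    "cluster3": {"cluster1": "AES128-SHA", "cluster2": "AES128-SHA"},
}
UNTRUSTED = {frozenset(("cluster1", "cluster3")), frozenset(("cluster2", "cluster3"))}

if __name__ == "__main__":
    for row in audit(LEVELS, UNTRUSTED):
        print(row)
```

Under the stated rule a link falls back to AUTHONLY only when both sides specify it, so the audit flags an untrusted link only in that case.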