Step 4: Configure etcha.dauthkeys | Linux Enterprise Cluster: Build a Highly Available Cluster with Commodity Hardware and Free Software

Step 4: Configure /etc/ha.d/authkeys

In this step we will install the security configuration file called /etc/ha.d/ authkeys. The sample configuration file included with the Heartbeat distribution should be modified to protect your configuration from an attack by doing the following:

Locate and copy the sample authkeys file into place with these commands:

 #rpm -qd heartbeat | grep authkeys #cp /usr/share/doc/packages/heartbeat/authkeys /etc/ha.d

Edit the /etc/ha.d/authkeys file so the only uncommented lines look like this:

 auth1 1 sha1 testlab

Note

In these lines, don't mistake the number 1 for the letter l. The first line is auth followed by the digit one, and the second line is the digit one followed by sha, the digit one, and then testlab.

In this example, testlab is the digital signature key used to digitally sign the heartbeat packets, and Secure Hash Algorithm 1 (sha1) is the digital signature method to be used. Change testlab in this example to a password you create, and make sure it is the same on both systems.

Make sure the authkeys file is only readable by root:
```
 #chmod 600 /etc/ha.d/authkeys 
```

CAUTION

If you fail to change the security of this file using this chmod command, the Heartbeat program will not start, and it will complain in the /var/log/messages file that you have secured this file improperly.