Clustered systems use a groupnumber and a cluster password to both allow multiple independentclustered systems to coexist on the same extended local area network(LAN) and to prevent accidental access to a cluster by unauthorizedcomputers. The group number uniquely identifies each cluster systemon a LAN. The cluster password serves as an additional check toensure the integrity of individual clusters on the same LAN thataccidentally use identical group numbers. The password also preventsan intruder who discovers the group number from joining the cluster.
The cluster group number and password (in encrypted form)are maintained in the cluster authorization file, SYS$COMMON:[SYSEXE]CLUSTER_AUTHORIZE.DAT.This file is created during installation of the operating systemif you indicate that you want to set up a local area or mixed interconnectcluster. The installation procedure then prompts you for the clustergroup number and password.
Under normal conditions, you need not alter records in theCLUSTER_AUTHORIZE.DAT file interactively. However, if you suspecta security breach, you may want to change the cluster password.In that case, you use SYSMAN to make the change. The file is accessibleonly to users with the SYSPRV privilege. Note that if you changeeither the group number or the password, you must reboot the entirecluster.
If your configuration has multiple system disks, each diskmust have a copy of CLUSTER_AUTHORIZE.DAT. You must run SYSMAN toupdate all copies.
The following command sequence illustrates the use of SYSMANto change the cluster password:
SYSMAN> SET CLUSTER_AUTHORIZATION/GROUP_NUMBER=65353SYSMAN> SET ENVIRONMENT/CLUSTER/NODE21SYSMAN> SET PROFILE /PRIVILEGE=SYSPRVSYSMAN> CONFIGURATION SET CLUSTER_AUTHORIZATION/PASSWORD=HOOVER%SYSMAN-I-CAFOLDGROUP, existing group will not be changed%SYSMAN-I-GRPNOCHG, Group number not changed%SYSMAN-I-CAFREBOOT, cluster authorization file updated The entire cluster should be rebooted.
HP OpenVMS Guide to System Security
Security for the System Administrator
