Clustered systems use a group
number and a cluster password to both allow multiple independent
clustered systems to coexist on the same extended local area network
(LAN) and to prevent accidental access to a cluster by unauthorized
computers. The group number uniquely identifies each cluster system
on a LAN. The cluster password serves as an additional check to
ensure the integrity of individual clusters on the same LAN that
accidentally use identical group numbers. The password also prevents
an intruder who discovers the group number from joining the cluster.
The cluster group number and password (in encrypted form)
are maintained in the cluster authorization file, SYS$COMMON:[SYSEXE]CLUSTER_AUTHORIZE.DAT.
This file is created during installation of the operating system
if you indicate that you want to set up a local area or mixed interconnect
cluster. The installation procedure then prompts you for the cluster
group number and password.
Under normal conditions, you need not alter records in the
CLUSTER_AUTHORIZE.DAT file interactively. However, if you suspect
a security breach, you may want to change the cluster password.
In that case, you use SYSMAN to make the change. The file is accessible
only to users with the SYSPRV privilege. Note that if you change
either the group number or the password, you must reboot the entire
cluster.
If your configuration has multiple system disks, each disk
must have a copy of CLUSTER_AUTHORIZE.DAT. You must run SYSMAN to
update all copies.
The following command sequence illustrates the use of SYSMAN
to change the cluster password:
SYSMAN> SET CLUSTER_AUTHORIZATION/GROUP_NUMBER=65353SYSMAN> SET ENVIRONMENT/CLUSTER/NODE21SYSMAN> SET PROFILE /PRIVILEGE=SYSPRVSYSMAN> CONFIGURATION SET CLUSTER_AUTHORIZATION/PASSWORD=HOOVER%SYSMAN-I-CAFOLDGROUP, existing group will not be changed%SYSMAN-I-GRPNOCHG, Group number not changed%SYSMAN-I-CAFREBOOT, cluster authorization file updated The entire cluster should be rebooted.
HP OpenVMS Guide to System Security
Security for the System Administrator
