Creating secure agent passwords
Follow these instructions to create secure passwords for agents.
To encrypt agent passwords by using security keys
- Make sure that you have the privileges that are required to encrypt passwords.
Generate a security key from a node where VCS is running as follows:
-
Make the VCS configuration writable.
# haconf -makerw
-
Run the vcsencrypt utility:
# vcsencrypt -gensecinfo
-
When a message appears, enter a password and press Return.
Please enter a passphrase of minimum 8 characters.
Passphrase:
Generating SecInfo...please wait...
SecInfo generated successfully.
SecInfo updated successfully.
-
Save the VCS configuration file.
# haconf -dump
Encrypt the agent password with the security key that you generated.
-
On a node where VCS is running, enter the following command:
# vcsencrypt -agent -secinfo
-
When prompted, enter a password and press Return. The utility prompts you to enter the password twice.
Enter Password:
Enter Again:
The utility encrypts the password and displays the encrypted password.
Verify that VCS uses the new encryption mechanism by doing the following:
Verify that the SecInfo cluster attribute is added to the main.cf file with the security key as the value of the attribute.
-
Verify that the password that you encrypted resembles the following:
SApswd=7c:a7:4d:75:78:86:07:5a:de:9d:7a:9a:8c:6e:53:c6