[Info-vax] CLUSTER_AUTHORIZE.DAT

[Stephen Hoffman]

On 2019-03-29 17:31:06 +0000, Richard B said:

> I recently changed the cluster password, via SYSMAN CONFIG SET command, 
> as I had forgotten the password I set during the initial cluster set up 
> back in the heady days of 2013!

Next time?  Copy the cluster authorize file.

> So my question is this:  I guess the present cluster does not read 
> cluster_authorize.dat when, or as, needed. Is it loaded into RAM, 
> perhaps, during boot?  Just curious.

Copy the old cluster_authorize file in from backup, load that onto all 
of the existing hosts, and off you go.

As for the cluster password?  I usually enter fifteen or thirty 
characters of random alphanumeric garbage into the cluster password 
field and make no effort to record that, and then copy around the 
cluster_authorize file.  Treat the file as the cluster access token.

For this case?  It might well be possible to reset the password on each 
host, and then copy around the resulting cluster authorize file.  But 
I've not tried that.  Rolling backup is the arcane and convoluted 
approach that I'd expect to work.


BTW, and in no particular order...

I'm not suggesting arcane- or convoluted-looking approaches because I 
want to be posting such.  I'm suggesting these approaches because 
that's what usually works.

It may well be feasible to crack the old password given the woefully 
fast hashing scheme used on OpenVMS.  See John The Ripper (JTR), if 
you're curious and have a decently-fast processor around.  Writing a 
Purdy OpenCL routine for JTR or for hashcat would be an interesting 
enhancement, too.

At some point in the distant future and when cluster communications 
security works its way to the top of the schedule, it may well be 
reasonable to replace all this with a DH or DHE scheme.  But what's 
here works for now, and it's not like SCS is secure.





-- 
Pure Personal Opinion | HoffmanLabs LLC