Currently, the root password for the frontend is elicited from the user during the frontend installation. Once the password is obtained, 3 crypted versions are generated from the root password. One version is the UNIX crypt version, which forms the root password for the cluster, another is the portable password format which is used for wordpress access. The third is an SHA version which is used as the MySQL root password. These three crypted passwords are stored in the database as shadow attributes.
When compute nodes are installed the root password that is stored in the database is transferred over to the compute node as an XML entity. This way we maintain root password consistency between client nodes and frontend. Any changes made to the root password on the frontend using the passwd command is propogated to the compute nodes using the 411 system.
From the above description of the existing design, we can see that the root password is stored in multiple places and used for multiple purposes. We determined that this was not the optimal security situation, and could use changes.
The way we've implemented changes are as follows:
As soon as the root password is obtained from the admin, it is converted to only the UNIX crypt format. It is used during the installation to set the root password, and is not used for any other purposes, and is not stored in the database.
Random passwords are generated for root access to the database and access to the wordpress engine.
The root account on each compute node gets a random root password.
The 411 system uses plugins to filter the content of the password and shadow files so that it does not transmit information about any accounts with UID under 500. Therefore, any changes made to the root password on the frontend is not propagated to the compute nodes.
To change the root password for the compute nodes, the admin may now use the "secure attribute" infrastructure in Rocks. The admin may also use the passwd command on the compute nodes to change the password without fear of override.
You may NOT use both the secure attributes and the passwd command to change the password on the compute nodes. If you do, the value in the secure attributes table always wins.
To change the root password on the frontend, you can now use the passwdcommand, and not worry about changing any of the other passwords in the cluster.
This section describes how to change the root password for compute nodes. It uses the rocks secure attribute infrastructure
# rocks set host sec_attr compute attr=root_pw Enter root_pw: Confirm root_pw: # rocks list host sec_attr compute HOST ATTR VALUE ENC compute-0-0: root_pw $1$G55uZRrO$5MI7Nv14U5yWfKAlauqPE0 crypt compute-0-1: root_pw $1$G55uZRrO$5MI7Nv14U5yWfKAlauqPE0 crypt # rocks sync host sec_attr compute
rocks set host sec_attr creates the entry in the database.
rocks sync host sec_attr changes the root password on the compute nodes.
The admin can also set different root password for each node