[color=red]节点间的认证是通过cookie运算挑战码再比较是否相同而决定节点间可否连接。[/color]
11.7 Security
Authentication determines which nodes are allowed to communicate with each other. In a network of different Erlang nodes, it is built into the system at the lowest possible level. Each node has its own magic cookie, which is an Erlang atom.
When a nodes tries to connect to another node, the magic cookies are compared. If they do not match, the connected node rejects the connection.
At start-up, a node has a random atom assigned as its magic cookie and the cookie of other nodes is assumed to be nocookie. The first action of the Erlang network authentication server (auth) is then to read a file named $HOME/.erlang.cookie. If the file does not exist, it is created. The UNIX permissions mode of the file is set to octal 400 (read-only by user) and its contents are a random string. An atom Cookie is created from the contents of the file and the cookie of the local node is set to this using erlang:set_cookie(node(), Cookie). This also makes the local node assume that all other nodes have the same cookie Cookie.
Thus, groups of users with identical cookie files get Erlang nodes which can communicate freely and without interference from the magic cookie system. Users who want run nodes on separate file systems must make certain that their cookie files are identical on the different file systems.
For a node Node1 with magic cookie Cookie to be able to connect to, or accept a connection from, another node Node2 with a different cookie DiffCookie, the function erlang:set_cookie(Node2, DiffCookie) must first be called at Node1. Distributed systems with multiple user IDs can be handled in this way.
The default when a connection is established between two nodes, is to immediately connect all other visible nodes as well. This way, there is always a fully connected network. If there are nodes with different cookies, this method might be inappropriate and the command line flag -connect_all false must be set, see erl(1).
The magic cookie of the local node is retrieved by calling erlang:get_cookie().
[color=red]
我过去以为你个erlang集群只能使用一个cookie但是实际上理解错误.
默认情况下和所有的节点通信都是用本地的cookie, 但是如果别的节点有不同的cookie, 我们可以erlang:set_cookie(Node2, DiffCookie),然后再connect_node().
注意Auth模块已经废弃了,请不要使用.[/color]
11.7 Security
Authentication determines which nodes are allowed to communicate with each other. In a network of different Erlang nodes, it is built into the system at the lowest possible level. Each node has its own magic cookie, which is an Erlang atom.
When a nodes tries to connect to another node, the magic cookies are compared. If they do not match, the connected node rejects the connection.
At start-up, a node has a random atom assigned as its magic cookie and the cookie of other nodes is assumed to be nocookie. The first action of the Erlang network authentication server (auth) is then to read a file named $HOME/.erlang.cookie. If the file does not exist, it is created. The UNIX permissions mode of the file is set to octal 400 (read-only by user) and its contents are a random string. An atom Cookie is created from the contents of the file and the cookie of the local node is set to this using erlang:set_cookie(node(), Cookie). This also makes the local node assume that all other nodes have the same cookie Cookie.
Thus, groups of users with identical cookie files get Erlang nodes which can communicate freely and without interference from the magic cookie system. Users who want run nodes on separate file systems must make certain that their cookie files are identical on the different file systems.
For a node Node1 with magic cookie Cookie to be able to connect to, or accept a connection from, another node Node2 with a different cookie DiffCookie, the function erlang:set_cookie(Node2, DiffCookie) must first be called at Node1. Distributed systems with multiple user IDs can be handled in this way.
The default when a connection is established between two nodes, is to immediately connect all other visible nodes as well. This way, there is always a fully connected network. If there are nodes with different cookies, this method might be inappropriate and the command line flag -connect_all false must be set, see erl(1).
The magic cookie of the local node is retrieved by calling erlang:get_cookie().
[color=red]
我过去以为你个erlang集群只能使用一个cookie但是实际上理解错误.
默认情况下和所有的节点通信都是用本地的cookie, 但是如果别的节点有不同的cookie, 我们可以erlang:set_cookie(Node2, DiffCookie),然后再connect_node().
注意Auth模块已经废弃了,请不要使用.[/color]
223
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
