diff options
author | Martin Schwenke <martin@meltin.net> | 2016-01-21 20:02:41 +1100 |
---|---|---|
committer | Martin Schwenke <martins@samba.org> | 2016-01-27 12:14:29 +0100 |
commit | bfaf893852af1ddf9b213df8a4ac71b0c4f43fec (patch) | |
tree | e85ef4912b0696fd69c80b687de9023bbd632bec /ctdb/doc/ctdb.7.xml | |
parent | 465c3d9a4e1a30e334922149f3ed1057f09fe169 (diff) | |
download | samba-bfaf893852af1ddf9b213df8a4ac71b0c4f43fec.tar.gz |
ctdb-doc: Document reasons for separating private and public networks
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Diffstat (limited to 'ctdb/doc/ctdb.7.xml')
-rw-r--r-- | ctdb/doc/ctdb.7.xml | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/ctdb/doc/ctdb.7.xml b/ctdb/doc/ctdb.7.xml index 6fab41cff5c..40d3387f078 100644 --- a/ctdb/doc/ctdb.7.xml +++ b/ctdb/doc/ctdb.7.xml @@ -179,7 +179,12 @@ <para> It is strongly recommended that the private addresses are configured on a private network that is separate from client - networks. + networks. This is because the CTDB protocol is both + unauthenticated and unencrypted. If clients share the private + network then steps need to be taken to stop injection of + packets to relevant ports on the private addresses. It is + also likely that CTDB protocol traffic between nodes could + leak sensitive information if it can be intercepted. </para> <para> |