ctdb-doc: Document reasons for separating private and public networks

Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
author: Martin Schwenke <martin@meltin.net> 2016-01-21 20:02:41 +1100
committer: Martin Schwenke <martins@samba.org> 2016-01-27 12:14:29 +0100
commit: bfaf893852af1ddf9b213df8a4ac71b0c4f43fec (patch)
tree: e85ef4912b0696fd69c80b687de9023bbd632bec /ctdb/doc/ctdb.7.xml
parent: 465c3d9a4e1a30e334922149f3ed1057f09fe169 (diff)
download: samba-bfaf893852af1ddf9b213df8a4ac71b0c4f43fec.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/ctdb/doc/ctdb.7.xml b/ctdb/doc/ctdb.7.xml
index 6fab41cff5c..40d3387f078 100644
--- a/ctdb/doc/ctdb.7.xml
+++ b/ctdb/doc/ctdb.7.xml
@@ -179,7 +179,12 @@
       <para>
         It is strongly recommended that the private addresses are
         configured on a private network that is separate from client
-        networks.
+        networks.  This is because the CTDB protocol is both
+        unauthenticated and unencrypted.  If clients share the private
+        network then steps need to be taken to stop injection of
+        packets to relevant ports on the private addresses.  It is
+        also likely that CTDB protocol traffic between nodes could
+        leak sensitive information if it can be intercepted.
       </para>
 
       <para>
author	Martin Schwenke <martin@meltin.net>	2016-01-21 20:02:41 +1100
committer	Martin Schwenke <martins@samba.org>	2016-01-27 12:14:29 +0100
commit	bfaf893852af1ddf9b213df8a4ac71b0c4f43fec (patch)
tree	e85ef4912b0696fd69c80b687de9023bbd632bec /ctdb/doc/ctdb.7.xml
parent	465c3d9a4e1a30e334922149f3ed1057f09fe169 (diff)
download	samba-bfaf893852af1ddf9b213df8a4ac71b0c4f43fec.tar.gz