ct_cssk.kf File

Purpose

Contains the cluster shared secret key.

Description

In a peer domain with the cluster shared secret key (CSSK) function enabled, the configuration resource manager creates a file called ct_cssk.kf in the /var/ct/domain_name/cfg directory and stores the initial CSSK in it. A ct_cssk.kf file is then created on each node that is online in the peer domain.

The topology services subsystem uses the CSSK to provide message authentication, which ensures the integrity of messages that are sent between nodes within the peer domain. Once the CSSK function is enabled for a peer domain, all RMC, topology services, and group services message traffic is signed for authentication using the CSSK.

Any change to the CSSK is coordinated across all nodes that are online in the peer domain, and across any offline nodes when they join the peer domain. The new key is distributed to all online nodes in the peer domain using the current CSSK. On each online node, the configuration resource manager replaces the key value in /var/ct/domain_name/cfg/ct_cssk.kf with the new value, and then refreshes the topology services subsystem to pick up the new key. Once refreshed, the new key is in effect for message authentication.

Security

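The permissions of this file are 000, which grants no read, write, or execute access to the owner, group, or others. Because root is not subject to file permission checks, effectively only root has read and write access to this file.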
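One way to verify the stated mode on a node, as an added example that is not part of the original page or of RSCT. The function names check_cssk_mode and audit_cssk are hypothetical, and the script assumes that `ls -ld` prints the POSIX long format.

```shell
#!/bin/sh
# Added example: audit the mode of ct_cssk.kf key files (read-only check).
# Assumption: the first field of `ls -ld` output is a file-type character
# followed by nine permission characters (POSIX long format).

# check_cssk_mode FILE
# Returns 0 if FILE is a regular file with mode 000,
#         1 if it is not a regular file (symlink, directory, ...),
#         2 if any permission bit is set,
#         3 if it does not exist or cannot be listed.
check_cssk_mode() {
    f=$1
    line=$(LC_ALL=C ls -ld -- "$f" 2>/dev/null) || return 3
    # Keep the first 10 characters; this drops a trailing ACL marker such as "+".
    mode=$(printf '%s\n' "$line" | cut -c1-10)
    case $mode in
        -*) ;;              # regular file, continue to the permission check
        *)  return 1 ;;
    esac
    [ "$mode" = "----------" ] || return 2
    return 0
}

# audit_cssk [BASE]
# Checks every BASE/<domain_name>/cfg/ct_cssk.kf (BASE defaults to /var/ct).
# Prints one line per file and returns the number of files that failed.
audit_cssk() {
    base=${1:-/var/ct}
    bad=0
    for kf in "$base"/*/cfg/ct_cssk.kf; do
        [ -e "$kf" ] || [ -L "$kf" ] || continue   # glob matched nothing
        if check_cssk_mode "$kf"; then
            echo "OK    $kf"
        else
            rc=$?
            echo "FAIL  $kf (reason code $rc)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}
```

Run `audit_cssk` as root on each node. The check only reads metadata and does not touch the key file.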

Restrictions

The configuration resource manager manages this file automatically. It must not be modified by any other user or program.

Implementation specifics

This file is part of the Reliable Scalable Cluster Technology (RSCT) fileset for AIX®.

Location

/var/ct/domain_name/cfg/ct_cssk.kf