.. _Password-based Authentication:

Password-based Authentication
-----------------------------

|product_name| uses password-based authentication to enhance security in clusters. You have to pass the authentication phase before you can add a new server to the cluster.

Password-based authentication works as follows:

#. You set the authentication password when you create the first MDS server in the cluster. The password you specify is encrypted and saved into the ``/etc/vstorage/clusters/stor1/auth_digest.key`` file on the server.

#. You add new MDS servers, chunk servers, or clients to the cluster and use the ``vstorage auth-node`` command to authenticate them. During authentication, you use the password you set when creating the first MDS server.

#. |product_name| compares the provided password with the one stored on the first MDS server, and if the passwords match, successfully authenticates the server.

For each physical server, authentication is a one-time process. Once a server is authenticated in the cluster (for example, when you configure it as an MDS server), the ``/etc/vstorage/clusters/stor1/auth_digest.key`` file is created on the authenticated server. When you set up this server as another cluster component (e.g., as a chunk server), the cluster checks that the ``auth_digest.key`` file is present and does not require you to authenticate the server again.