Considering authentication requirements between MariaDB Galera Nodes, we would like to suggest several changes to be mate within MariaDB Galera Cluster:
1) Authentication methods should be implemented between MariaDB Galera cluster nodes based either on Kerberos/AD/LDAP. The reason behind this requirement is that in current implementation there is a possibility to attach any node to the cluster with full dump of data inside the database and future access to this data by changing credentials in database.
2) SST methods based on xtrabackup require login/password of user having access to database be written in a plain-text format. We would like to suggest modifying this section to either save credential in encrypted format, or adding Kerberos authentication.