2.7.2. SSL and Administration Authentication
Continuent Tungsten uses JMX RMI to perform remote administration and obtain information from remote hosts within the dataservice. This communication can be encrypted and authenticated.
Two files are required to configure this: one defines the authentication configuration, and the other holds the username/password combinations used to authenticate. The system uses these files and this configuration internally to authenticate.
The authentication configuration defines the users and roles. The file should match the following:
monitorRole   readonly
controlRole   readwrite \
              create javax.management.monitor.*,javax.management.timer.* \
              unregister
tungsten      readwrite \
              create javax.management.monitor.*,javax.management.timer.* \
              unregister
The contents or description of this file must not be changed. Create a file containing this information in your configuration, for example jmxremote.access.
Now a corresponding password configuration must be created using the tpasswd tool. By default, plain-text passwords are generated:
shell> tpasswd -c tungsten password \
-t rmi_jmx \
-p ~/passwords.store \
-ts truststore.ts -tsp password
To use encrypted passwords, the truststore and truststore password must be supplied so that the certificate can be loaded and used to encrypt the supplied password. The -e option must be specified to encrypt the password:
shell> tpasswd -c tungsten password \
-t rmi_jmx \
-p ~/passwords.store \
-e \
-ts truststore.ts -tsp password
This creates a user, tungsten, with the password password in the file ~/passwords.store.
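Before both files are passed to tpm, the access file can be checked against the contents shown above and the password store checked for owner-only permissions. This is an added example, not Continuent's code: the function names are hypothetical, and the permission check is an assumed hardening step for a store that holds plain-text passwords by default.

```python
import os
import stat

# Expected entries, copied from the access file shown on this page.
FULL_ACCESS = "readwrite create javax.management.monitor.*,javax.management.timer.* unregister"
EXPECTED = {"monitorRole": "readonly", "controlRole": FULL_ACCESS, "tungsten": FULL_ACCESS}

# Constructed sample input: the jmxremote.access contents from this page.
SAMPLE = """\
monitorRole readonly
controlRole readwrite \\
    create javax.management.monitor.*,javax.management.timer.* \\
    unregister
tungsten readwrite \\
    create javax.management.monitor.*,javax.management.timer.* \\
    unregister
"""

def parse_access(text):
    """Return {role: permissions}, joining backslash-continued lines."""
    entries, pending = {}, ""
    for raw in text.splitlines() + [""]:  # trailing "" flushes a dangling continuation
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue  # blank line or comment outside an entry
        if line.endswith("\\"):
            pending += line[:-1] + " "  # entry continues on the next line
            continue
        fields = (pending + line).split()
        pending = ""
        if fields:
            entries[fields[0]] = " ".join(fields[1:])
    return entries

def check_access(text):
    """List differences from EXPECTED; an empty list means the file matches."""
    found = parse_access(text)
    problems = [f"missing role: {r}" for r in EXPECTED if r not in found]
    problems += [f"unexpected role: {r}" for r in found if r not in EXPECTED]
    problems += [f"changed access for {r}: {found[r]}"
                 for r in EXPECTED if r in found and found[r] != EXPECTED[r]]
    return problems

def store_is_private(path):
    """True when only the owner can access the password store (assumed hardening check)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

if __name__ == "__main__":
    print(check_access(SAMPLE) or "jmxremote.access matches the expected contents")
```

Run `check_access` on the text of your own jmxremote.access and `store_is_private` on the path given to `tpasswd -p`.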
The password file and the JMX security properties file will be needed during configuration. See Section 2.7.3, “Configuring the Secure Service through tpm”.