This chapter describes the architecture and management of security.
Access control is done with users, which are formally known as principals. A principal has a credential (a password) and is granted one or more roles. Principals are managed using administration commands.
The user who installs a node is automatically granted administrative access to the node. This user is defined as a valid principal for the node. There is no password associated with this user, so the user can only access the node using the trusted host mechanism (see the section called “Trusted hosts”). To use the standard user name and password authentication mechanism, this user must be updated to have a password.
This user has full administrative control of the installed node when logged in from a trusted host.
It is also possible to specify a different user at node installation. This user must specify a password at node installation, since the user name is different from the operating system user that is installing the node. This user is also granted full administrative access to the installed node. See the section called “Default security” for details.
Apart from the user that installed the node, other users may administer the node only if they are granted administration privileges using a role. See the section called “Roles” for complete details on the default security roles.
You can use administration clients without authentication to view some public properties for each node on the network. These are the properties published by the discovery service.
Access to all other node details - and to the managed elements contained within the node - is controlled via the security service. To access these elements, you need to be authenticated. Authentication is performed for each command executed using the command line client. JMX authentication is specific to the JMX tool.
The security model is defined more formally in Figure 5.1, “Security Model”.
The concepts in the security model are:
Principal - an entity (a user) that can be positively identified and verified via a technique known as authentication.
Credential - a password used to control access to information or other resources.
Authentication Realm - defines the authentication scheme for principals. All principals in the same authentication realm use a common authorization and credential management mechanism.
Privilege - grants access to a resource, for example an administration command.
A principal definition contains one or more role names that define the privileges granted to the principal.
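The following Python sketch is an added illustration, not part of this manual or the product, that models the relationships just described: a principal carries an optional credential and a set of roles, roles grant privileges, discovery properties are readable without authentication, and a principal without a password (the installing user) can only be accepted through the trusted host mechanism. The role names, privilege names, host names and sample principals are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed privileges for two illustrative roles; the real default roles are
# described in the "Roles" section and may differ.
ROLE_PRIVILEGES = {
    "administrator": {"view_node", "manage_elements", "manage_principals"},
    "monitor": {"view_node"},
}
# Properties published by the discovery service need no authentication.
PUBLIC_PRIVILEGE = "view_public"

@dataclass
class Principal:
    name: str
    credential: Optional[str]      # None until the installing user is given a password
    roles: set = field(default_factory=set)

    def privileges(self) -> set:
        # A principal's privileges are the union of what its roles grant.
        return set().union(*(ROLE_PRIVILEGES.get(r, set()) for r in self.roles))

@dataclass
class Node:
    principals: dict
    trusted_hosts: set             # hosts from which password-less access is accepted

    def authenticate(self, name: str, password: Optional[str], client_host: str) -> Optional[Principal]:
        """Return the principal if the request authenticates, else None."""
        p = self.principals.get(name)
        if p is None:
            return None
        if password is None:
            # Trusted host mechanism: no credential presented, client host must be trusted.
            return p if client_host in self.trusted_hosts else None
        # Standard mechanism: a principal with no credential cannot log in by password.
        return p if p.credential is not None and password == p.credential else None

    def authorize(self, name: str, password: Optional[str], client_host: str, privilege: str) -> bool:
        """Public properties are open; everything else needs an authenticated, privileged principal."""
        if privilege == PUBLIC_PRIVILEGE:
            return True
        p = self.authenticate(name, password, client_host)
        return p is not None and privilege in p.privileges()

def example_node() -> Node:
    # Constructed sample: "installer" has no password yet; "ops" was added later with a password.
    return Node(
        principals={
            "installer": Principal("installer", None, {"administrator"}),
            "ops": Principal("ops", "example-password", {"monitor"}),
        },
        trusted_hosts={"localhost"},
    )
```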