Starting Realm Servers with Authentication

To use a data grid with authentication, you must use secure realm servers that have both transport encryption and authentication enabled.

The remainder of this section contains examples of using a flat-file for authentication. You must alter the steps as required for the type of authentication you intend to use with your data grid.

Prerequisites

Use secure realm servers that have enabled transport encryption and authentication.

Procedure

  1. Determine the type of authentication you need by reading the section on Realm Server Authentication in the document TIBCO FTL® Administration.
  2. Perform authentication setup tasks required prior to starting up the realm server. For flat-file authentication, create a flat-file with user names, passwords, and authentication groups. For details, see Authorization Groups.
  3. Start a secure primary realm server as described in step 1 under Transport Encryption, adding the authentication options required for the type of authentication you are going to use.
    tibrealmserver -http <host>:<port> --data <rs_db_path> --secure pass:<keystore_pwd> --tls.trust.file <trust_file_path> --auth.url file://<flat_file_path> --server.user <rs_user_name> --server.password <rs_user_pwd>
  4. Ensure the trust file from the primary realm server has been copied to locations where any affiliated realm server (e.g. backup, satellite), each of the data grid’s processes, and any client processes can access a copy of it.
  5. Start the affiliated realm servers (for example backup, satellite) and enable transport encryption.
  6. Set the following authentication options:
    --secure pass:<keystore_pwd>
    --tls.trust.file <path>
    --server.user <rs_user_name>
    --server.password <rs_user_pwd>
    --auth.url file://<flat_file_path>
    
    See the FTL Administration guide for more information about running secure realm servers, realm server authentication, realm server command-line options, and realm server configuration properties.
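
The following pre-flight check is an added example, not part of the TIBCO documentation. It verifies the flat file from step 2 and the trust file copies from step 4 before any realm server is started; the function names are hypothetical and all paths are supplied by the caller.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files used in the procedure above.
# Function names are hypothetical; no product commands are invoked here.

# Print the 10-character mode string of a path, e.g. "-rw-------".
mode_of() {
    ls -ld -- "$1" 2>/dev/null | cut -c1-10
}

# The flat file holds user names and passwords, so it must be a regular
# file (symlinks are rejected) with no group or other permission bits.
flat_file_ok() {
    [ -f "$1" ] || return 1
    case "$(mode_of "$1")" in
        -???------) return 0 ;;
        *) return 1 ;;
    esac
}

# The trust file has to be readable by every process that uses it, so read
# bits are acceptable, but only the owner may be able to modify it.
# Positions 6 and 9 of the mode string are group-write and other-write.
trust_file_ok() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    case "$(mode_of "$1")" in
        -????-??-?) return 0 ;;
        *) return 1 ;;
    esac
}

# Step 4: each copy given to affiliated realm servers, data grid processes
# and clients must be byte-identical to the primary realm server's file.
# Usage: trust_copies_match <primary_trust_file> <copy>...
trust_copies_match() {
    primary=$1
    shift
    trust_file_ok "$primary" || return 1
    for copy in "$@"; do
        if ! cmp -s "$primary" "$copy"; then
            echo "trust file copy differs from primary: $copy" >&2
            return 1
        fi
    done
    return 0
}
```

Run the checks on each host before launching its realm server, and treat any non-zero return as a reason not to start.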