Starting Realm Services with Authentication

To use a data grid with authentication, you must use secure realm services that have both transport encryption and authentication enabled.

The remainder of this section contains examples that use a flat file for authentication. Alter the steps as required for the type of authentication you intend to use with your data grid.

Prerequisites

Use secure realm services that have enabled transport encryption and authentication.

Procedure

  1. Determine the type of authentication you need by reading the section on "Authentication Service" in the document TIBCO FTL® Administration.
  2. Perform authentication setup tasks required prior to starting up the realm service. For flat-file authentication, create a flat-file with user names, passwords, and authentication groups. For details, see Authorization Groups.
  3. Start a secure primary realm service as described in step 1 under Transport Encryption with the additional authentication options required for the type of authentication you are going to use.
    tibrealmserver -http <host>:<port> --data <rs_db_path> --secure pass:<keystore_pwd> --tls.trust.file <trust_file_path> --auth.url file://<flat_file_path> --server.user <rs_user_name> --server.password <rs_user_pwd>
    Note: When using TIBCO FTL 6.0 or later, use tibftlserver instead of tibrealmserver. Refer to the TIBCO FTL® Administration guide for information on converting TIBCO FTL 5.x tibrealmserver command-line options into the appropriate TIBCO FTL 6.x configuration file options, most of which use the same name. For example, --server.user is the server.user configuration file option.
  4. Ensure the trust file from the primary realm service has been copied to locations where any affiliated realm service (e.g. backup, satellite), each of the data grid’s processes, and any client processes can access a copy of it.
  5. Start the affiliated realm services (for example backup, satellite) and enable transport encryption.
  6. Set the following authentication options:
    --secure pass:<keystore_pwd>
    --tls.trust.file <path>
    --server.user <rs_user_name>
    --server.password <rs_user_pwd>
    --auth.url file://<flat-file path>
    
    See the TIBCO FTL® Administration guide for more information about running secure realm services, realm service authentication, realm service command-line options, and realm service configuration properties.
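
Step 4 depends on every host holding the same trust file as the primary realm service. The script below is an added example, not part of the TIBCO documentation; its function names and the file paths passed to it are hypothetical. It compares SHA-256 digests and also flags copies that are writable by group or others.

```shell
#!/bin/sh
# Added example: confirm that each copy of the realm service trust file
# matches the primary's file. Function names and paths are hypothetical.

# Print the SHA-256 digest of a file (sha256sum on Linux, shasum elsewhere).
trust_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_trust_copy <expected_digest> <copy_path>
# Returns 0 = match, 1 = content differs, 2 = missing or unreadable,
# 3 = writable by group or others (the trust anchor could be replaced).
verify_trust_copy() {
    expected=$1
    copy=$2
    [ -r "$copy" ] || return 2
    [ "$(trust_digest "$copy")" = "$expected" ] || return 1
    if [ -n "$(find -L "$copy" -prune \( -perm -020 -o -perm -002 \))" ]; then
        return 3
    fi
    return 0
}

# check_all <primary_trust_file> <copy>...
# Prints one status line per copy and returns the number of failures.
check_all() {
    primary=$1; shift
    [ -r "$primary" ] || return 255
    expected=$(trust_digest "$primary")
    failures=0
    for copy in "$@"; do
        rc=0
        verify_trust_copy "$expected" "$copy" || rc=$?
        case $rc in
            0) echo "OK        $copy" ;;
            1) echo "MISMATCH  $copy" ;;
            2) echo "MISSING   $copy" ;;
            3) echo "WRITABLE  $copy" ;;
        esac
        [ "$rc" -eq 0 ] || failures=$((failures + 1))
    done
    return "$failures"
}
```

To check hosts that do not share a file system, record the output of trust_digest on the primary and pass it to verify_trust_copy on each host.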