The following epadmin targets allow you to administer various aspects of a node's security configuration, and let you reconfigure settings while the node is running. See epadmin help targetname for usage information about each target.
configuration
password
realm
secret
security
user
Use any of the following commands to understand the current security configuration of a running node, specifying either the node's --adminport or --servicename:
epadmin display security
epadmin display configuration
epadmin display realm
epadmin display user
Activating a realm configuration with the epadmin activate configuration command creates the realm; deactivating the realm configuration with epadmin deactivate configuration removes it. You can change the current configuration by activating a new version.
The StreamBase Runtime supports live update of realm configurations. That is, you can activate a new version of a realm configuration, and all authentication and authorization using that realm automatically begins using the new version without requiring an engine restart. Use epadmin load configuration to upload a new configuration file with the same HOCON type and name, but an incremented version string. Then deactivate the current configuration and activate the new one.
Each realm has a unique name. Attempts to activate a configuration containing a different realm with the same name as an existing realm fail.
Realms are referenced by the listener configurations that use them, and by the node administration engine. Attempts to deactivate the configuration of a realm that is referenced fail.
A node can have any number of active realm configurations, except for Kerberos realms, which allow only one.
Note
When updating a Local Admin Realm, the initialPrincipals in the updated version must be identical to those in the original realm. Otherwise validation of the realm fails.
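The live-update sequence described above (load, deactivate, activate), written as a shell function. This is an added example, not taken from the StreamBase documentation: the option names `--source`, `--type`, `--name` and `--version`, the configuration type string, and the names `update_realm`, `EPADMIN` and `REALM_TYPE` are assumptions to confirm with epadmin help configuration. Because deactivating a realm configuration removes the realm, the function reactivates the previous version if the new one fails to activate.

```shell
# Assumed option names and type string; verify with `epadmin help configuration`.
EPADMIN="${EPADMIN:-epadmin}"
REALM_TYPE="${REALM_TYPE:-com.tibco.ep.dtm.configuration.security}"

# update_realm SERVICENAME REALM_CONFIG_NAME OLD_VERSION NEW_VERSION NEW_FILE
update_realm() {
    svc=$1; name=$2; old=$3; new=$4; file=$5

    # The new file must carry an incremented version string.
    if [ "$old" = "$new" ]; then
        echo "new version must differ from active version $old" >&2
        return 2
    fi

    # 1. Upload the new version (same HOCON type and name).
    "$EPADMIN" --servicename="$svc" load configuration --source="$file" || return 1

    # 2. Deactivate the current version. This fails if the realm is still
    #    referenced, in which case nothing has changed and we stop here.
    "$EPADMIN" --servicename="$svc" deactivate configuration \
        --type="$REALM_TYPE" --name="$name" --version="$old" || return 1

    # 3. Activate the new version. If validation rejects it (for example,
    #    changed initialPrincipals on a Local Admin Realm), restore the old
    #    version so the node is not left without the realm.
    if ! "$EPADMIN" --servicename="$svc" activate configuration \
        --type="$REALM_TYPE" --name="$name" --version="$new"; then
        echo "activation of $new failed; restoring $old" >&2
        "$EPADMIN" --servicename="$svc" activate configuration \
            --type="$REALM_TYPE" --name="$name" --version="$old"
        return 3
    fi

    # 4. Show the realms now active so the operator can confirm the change.
    "$EPADMIN" --servicename="$svc" display realm
}
```

A return code of 3 means the new version was rejected and the previous version was reactivated; check epadmin display configuration before retrying.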
The following epadmin security target commands are deprecated as of StreamBase 10.3.0. They can continue to be executed, but are not visible in online help:
add security
display security --type (authenticationsources | audit | principals) only
export security
remove security
reset security
update security
The following epadmin security target commands are deprecated as of StreamBase 10.4.0:
display security --type hosts
Use epadmin display trusted instead.
The LocalAdminAuthenticationRealm root object in the security configuration type is deprecated as of the 10.3.0 release. Existing configurations can be loaded and activated on nodes, but it is a best practice to migrate to the LocalAdminRealm configuration.
The LocalAuthenticationRealm root object in the security configuration type deprecates the principals property in favor of initialPrincipals.