epadmin-realm

epadmin realm target — Backs up, restores, and administers local authentication realms.

SYNOPSIS

epadmin [globalparameters] command realm [commandparameters]

DESCRIPTION

A security realm is a set of configured security providers, users, groups, security roles, and security policies that provide authentication of users and machines and manage authorization or rights to use resources. Nodes can be configured to use one or more security realms or use the simple default realm. The Spotfire Streaming security model is documented in StreamBase Security Model.

Use the epadmin realm target to view the current set of realms active for the specified nodes, to back up and restore a realm's settings, and to get and set realms for activation.

The realm target has five commands:

The designation [sn|ad] in syntax examples is a reminder that this command requires either the global parameter ‑‑servicename or the ‑‑adminport and ‑‑hostname combination to identify the node or cluster of interest.

epadmin backup realm

Backs up a local authentication realm to a file.

epadmin [sn|ad] backup realm --file=defaultRealm.backup
epadmin [sn|ad] backup realm --name=myLocalAuthRealm --file=localAuth.backup
Command Parameter Description Required
name Realm name. No. Default value is default-realm.
file Client-side file name path. Yes.

epadmin display realm

Displays information lines about the currently active realms for a node.

epadmin [sn|ad] display realm
epadmin [sn|ad] display realm --name=myLocalAuthRealm

Example output:

[B.sbuser] Realm Name = default-realm
[B.sbuser] Realm Type = local authentication realm
[B.sbuser] Referenced By = (node administration)
Command Parameter Description Required
name Realm name. No. The default is to display all realms.

epadmin getadmin realm

Returns the authentication realm currently being used for node administration. This is useful when more than one realm is configured for a node.

epadmin [sn|ad] getadmin realm

epadmin restore realm

Restores a local authentication realm settings from a backup file made with backup realm. This command replaces the entire configuration of the specified realm with the contents of the backup.

epadmin [sn|ad] restore realm --file=/opt/backups/realm.backup
epadmin [sn|ad] restore realm --file=/opt/backups/realm.backup --name=myLocalAuthRealm
Command Parameter Description Required
file Path to a backup file made with backup realm. Yes.
name Realm name. No. Default value is default-realm.

epadmin setadmin realm

For a node with more than one local authentication realm activated, sets which realm is to be the primary administration realm going forward.

The user specified with the --newrealmusername parameter must have administrator privileges (described in Role to Privilege Authorization) in the new authentication realm being set for node administration, otherwise the command fails. This ensures that there is at least one user in the new realm that has node administration privileges.

If the new realm has the current OS user name defined as administrator (just as the default realm does), then you only need to specify --newrealmpassword. The make this practical, especially if your alternate configuration requires passwords, first change the password for the default user in the active default realm with epadmin change password. Then specify the same password in your alternate realm's configuration file. See Replacing the Default Realm.

epadmin [sn|ad] setadmin realm
epadmin [sn|ad] setadmin realm --newrealmusername=administrator --newrealmpassword=supersecret
epadmin [sn|ad] setadmin realm --newrealmusername=administrator // password prompt displayed
epadmin [sn|ad] setadmin realm --name=myLocalAuthRealm
Command Parameter Description Required
name New realm name. No. Default value is default-realm.
newrealmpassword Administration user password in the new authentication realm. No. Default value is an empty password. If not specified, and newrealmusername is specified, a password prompt is displayed.
newrealmusername Administration user in the new authentication realm. No. Default value is operating system user executing command.