A catalog server contains two different levels of security information: The first level contains the security properties that are common to all the WebSphere® eXtreme Scale servers, including the catalog service and container servers. The second level contains the security properties that are specific to the catalog server.
To configure the security XML descriptor file in a Java SE environment, use the -clusterSecurityFile option when you run the startOgServer or startXsServer command. Specify the value as a file path, such as samples_home/security_extauth/security3.xml.
<securityConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://ibm.com/ws/objectgrid/config/security ../objectGridSecurity.xsd"
    xmlns="http://ibm.com/ws/objectgrid/config/security">
    <security securityEnabled="true">
        <authenticator
            className="com.ibm.websphere.objectgrid.security.plugins.builtins.KeyStoreLoginAuthenticator">
        </authenticator>
    </security>
</securityConfig>
The following properties are defined in the security3.xml file:
securityEnabled=true
credentialAuthentication=Required
transportType=TCP/IP
secureTokenManagerType=none
authenticationSecret=ObjectGridDefaultSecret
Because the KeyStoreLoginAuthenticator implementation uses a login module, you must configure the login module with a JAAS authentication login configuration file. The contents of the xsjaas3.config file follow:
KeyStoreLogin{
    com.ibm.websphere.objectgrid.security.plugins.builtins.KeyStoreLoginModule required
        keyStoreFile="samples_home/security_extauth/sampleKS3.jks" debug = true;
};
If you used a location for samples_home other than /wxs_samples/, you need to update the location of the keyStoreFile. This login configuration indicates that the com.ibm.websphere.objectgrid.security.plugins.builtins.KeyStoreLoginModule module is used as the login module. The keystore file is set to the sampleKS3.jks file. The sampleKS3.jks sample keystore file stores two user IDs and their passwords: manager/manager1 and cashier/cashier1.
keytool -genkey -v -keystore ./sampleKS3.jks -storepass sampleKS1 \
    -alias manager -keypass manager1 -dname CN=manager,O=acme,OU=OGSample \
    -validity 10000
keytool -genkey -v -keystore ./sampleKS3.jks -storepass sampleKS1 \
    -alias operator -keypass operator1 -dname CN=operator,O=acme,OU=OGSample \
    -validity 10000
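The sample files above carry values that suit a sandbox only (a plaintext transport, the sample shared secret, a debug-enabled login module, the sample keystore path). The following check, an added example that is not part of the product or its samples, parses a server properties file and a JAAS login configuration and reports those values; the function names and the choice of what counts as a finding are assumptions of this example.

```python
import re
SAMPLE_SECRET = "ObjectGridDefaultSecret"  # value shown in the sample properties above

def parse_props(text):
    """Parse key=value lines, ignoring blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit_server_props(text):
    """Return findings for the five server properties listed on this page."""
    p, findings = parse_props(text), []
    if p.get("securityEnabled", "").lower() != "true":
        findings.append("securityEnabled is not true")
    if p.get("credentialAuthentication") != "Required":
        findings.append("credentialAuthentication is not Required")
    if p.get("transportType") == "TCP/IP":
        findings.append("transportType is TCP/IP (no SSL/TLS on the wire)")
    if p.get("secureTokenManagerType") == "none":
        findings.append("secureTokenManagerType is none")
    if p.get("authenticationSecret") in (None, "", SAMPLE_SECRET):
        findings.append("authenticationSecret is unset or still the sample value")
    return findings

def audit_jaas(text):
    """Return findings for a JAAS entry that uses KeyStoreLoginModule."""
    findings = []
    if re.search(r'\bdebug\s*=\s*"?true"?', text, re.IGNORECASE):
        findings.append("login module runs with debug = true")
    m = re.search(r'keyStoreFile\s*=\s*"([^"]*)"', text)
    if m is None:
        findings.append("keyStoreFile is not set")
    elif "samples_home" in m.group(1) or "sampleKS" in m.group(1):
        findings.append("keyStoreFile points at a sample keystore: " + m.group(1))
    return findings

# Constructed inputs that repeat the sample values from this page.
PAGE_PROPS = ("securityEnabled=true\ncredentialAuthentication=Required\ntransportType=TCP/IP\n"
              "secureTokenManagerType=none\nauthenticationSecret=ObjectGridDefaultSecret\n")
PAGE_JAAS = ('KeyStoreLogin{ com.ibm.websphere.objectgrid.security.plugins.builtins.KeyStoreLoginModule required\n'
             'keyStoreFile="samples_home/security_extauth/sampleKS3.jks" debug = true; };')

if __name__ == "__main__":
    for finding in audit_server_props(PAGE_PROPS) + audit_jaas(PAGE_JAAS):
        print("FINDING:", finding)
```

Run against the sample values, it reports three property findings and two JAAS findings; an empty result means none of the sample values remain.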
To start the catalog server, issue the startOgServer or startXsServer command with the -clusterFile and -serverProps parameters to pass in the security properties.
You can use the stopOgServer or stopXsServer command to stop the catalog server.
You configured catalog server security by associating the security3.xml, catServer3.props, and xsjaas3.config files with the catalog service.