Top-level parameters
The following top-level parameters can be set in the security.xml file:
- internalAuth
  Specifies how internal systems authenticate. This parameter must be set to SSL.
- keystore
  Identifies the keystore file within the security directory. This parameter is normally set to store.keys.
- keystoreType
  Identifies the type of keystore that the keystore property references. If not set, the JKS keystore type is used by default.
- keystoreSigPrivateKeyAlias
  Specifies the keystore alias that identifies the keypair used by replication nodes to create signatures. If not specified, the alias "shared" is used.
- truststoreSigPublicKeyAlias
  Specifies the truststore alias that identifies the certificate used by replication nodes to verify signatures. If not specified, the alias "mykey" is used.
- securityEnabled
  To enable security, this parameter must be set to true.
- certMode
  Specifies the key/certificate management model in use. This must be set to "shared".
- truststore
  Identifies the truststore file within the security directory. This is normally set to store.trust.
- truststoreType
  Identifies the type of keystore that the truststore property references. If not set, the JKS keystore type is used by default.
- walletDir
  Identifies a directory within the security directory that contains a wallet password store, which in turn holds the password for the keystore.
- passwordFile
  Identifies a file within the security directory that contains a file password store, which in turn holds the password for the keystore.
- krbServiceName
  Specifies the service name of the Oracle NoSQL Database Kerberos service principal.
- krbInstanceName
  Specifies the service principal instance name.
- krbServiceKeytab
  Specifies the keytab file name in the security directory that contains the KVStore server service principal and an encrypted copy of the principal’s key.
- krbConf
  Specifies the location of the Kerberos configuration file that contains the default realm and KDC information. If not specified, the default value is /etc/krb5.conf.
- krbRealmName
  Specifies the realm name of the service principal. If not specified, this value is acquired from the Kerberos configuration file.
- userExternalAuth
  Specifies and enables the external mechanism used for authentication. Kerberos is supported. Set the value to KERBEROS to enable Kerberos authentication. To remove Kerberos authentication from a running store, set the value to NONE.
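An added example, not part of the Oracle documentation: a Python check of the mandatory values and defaults listed above, which also reports which defaults a configuration relies on implicitly. It assumes the parameters have already been read out of security.xml into a name-to-value dict of strings (the file's XML layout is not shown on this page); the `audit` helper, the `/secdir` stand-in root and the sample values other than store.keys and store.trust are constructed for illustration.

```python
import posixpath

# Values this page says are mandatory (compared exactly, as a conservative choice).
REQUIRED = {"internalAuth": "SSL", "securityEnabled": "true", "certMode": "shared"}
# Defaults this page documents for parameters that are left unset.
DEFAULTS = {
    "keystoreType": "JKS",
    "truststoreType": "JKS",
    "keystoreSigPrivateKeyAlias": "shared",
    "truststoreSigPublicKeyAlias": "mykey",
    "krbConf": "/etc/krb5.conf",
}
# Parameters this page describes as naming entries inside the security directory.
IN_SECURITY_DIR = ("keystore", "truststore", "walletDir", "passwordFile",
                   "krbServiceKeytab")


def audit(params):
    """Return (findings, implicit_defaults) for a dict of parameter name -> value."""
    findings = []
    for name, want in REQUIRED.items():
        if params.get(name) != want:
            findings.append(f"{name} must be {want!r}, found {params.get(name)!r}")
    ext = params.get("userExternalAuth")
    # Only the two values named on this page are accepted here.
    if ext is not None and ext not in ("KERBEROS", "NONE"):
        findings.append(f"userExternalAuth must be KERBEROS or NONE, found {ext!r}")
    for name in IN_SECURITY_DIR:
        value = params.get(name)
        if value is None:
            continue
        # Lexical check against a stand-in root: rejects absolute paths and "..".
        resolved = posixpath.normpath(posixpath.join("/secdir", value))
        if not resolved.startswith("/secdir/"):
            findings.append(f"{name} points outside the security directory: {value!r}")
    implicit = {k: v for k, v in DEFAULTS.items() if k not in params}
    if ext != "KERBEROS":
        implicit.pop("krbConf", None)  # the Kerberos default is irrelevant when unused
    return findings, implicit


# Constructed sample input, not taken from a real deployment.
SAMPLE = {
    "internalAuth": "SSL", "securityEnabled": "false", "certMode": "shared",
    "keystore": "store.keys", "truststore": "../store.trust",
    "passwordFile": "store.passwd", "userExternalAuth": "KERBEROS",
    "krbServiceKeytab": "store.keytab",
}

if __name__ == "__main__":
    problems, defaults_in_use = audit(SAMPLE)
    print("\n".join(problems))
    print("implicit defaults:", defaults_in_use)
```

The implicit-defaults output is worth reviewing even when there are no findings, since an unset truststoreSigPublicKeyAlias silently resolves to the alias "mykey".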