Configuring Security with Remote Access
To configure security with remote access, see the following steps:
-
Create the first admin user:
kv->execute 'CREATE USER admin IDENTIFIED BY "password" ADMIN'
-
Grant the
readwrite
role to the first admin user:kv->execute "GRANT readwrite TO USER admin"
-
Make an admin user security directory for remote access:
ssh CLIENT_HOST mkdir USER/security
-
Copy the SSL trust file from the server node:
scp node01:KVROOT/security/client.trust USER/security/
-
Generate a password store for the first admin user. This step creates an
admin.passwd
file in theUSER/security
directory. You can also copy theadmin.passwd
from other machines to theUSER/security
directory if the file has not been created locally. These are the commands to createadmin.passwd
:java -Xmx64m -Xms64m \ -jar KVHOME/lib/kvstore.jar securityconfig \ pwdfile create -file USER/security/admin.passwd java -Xmx64m -Xms64m \ -jar KVHOME/lib/kvstore.jar securityconfig \ pwdfile secret \ -file USER/security/admin.passwd -set -alias admin -secret password
-
Create an admin user login file as
USER/security/admin.security
:oracle.kv.auth.username=admin oracle.kv.auth.pwdfile.file=USER/security/admin.passwd oracle.kv.transport=ssl oracle.kv.ssl.trustStore=USER/security/client.trust
-
Access the store remotely:
java -Xmx64m -Xms64m \ -jar KVHOME/lib/kvstore.jar runadmin \ -port 5000 -host node01 \ -security USER/security/admin.security