Configuring Security with Makebootconfig

Use the makebootconfig command with the -store-security option to set up the basic store configuration with security:

java -Xmx64m -Xms64m
-jar KVHOME/lib/kvstore.jar makebootconfig
-root <kvroot> -port <port>
-host <hostname> -harange <harange>
-store-security configure -capacity <capacity>
[-secdir <security dir>]
[-pwdmgr {pwdfile | wallet | <class-name>}]
[-kspwd <server key and trust store password>]
[-kstype <key and trust store type>]
[-ctspwd <client.trust password>]
[-external-auth {kerberos}]
[-krb-conf <kerberos configuration>]
[-kadmin-path <kadmin utility path>]
[-instance-name <database instance name>]
[-admin-principal <kerberos admin principal name>]
[-kadmin-keytab <keytab file>]
[-kadmin-ccache <credential cache file>]
[-princ-conf-param <param=value>]*
[-security-param <param=value>]*
[-noadmin] 

where -store-security has the following options:

  • -store-security none

    No security will be used. If a directory named "security" exists, a warning message will be displayed. When you opt out of security, you lose all the security features in your store; you are not able to set password authentication for users and systems, encrypt your data to prevent unauthorized access, etc.

  • -store-security configure

    Security will be used and the security configuration utility will be invoked as part of the makebootconfig process. If the security directory already exists, an error message is displayed; otherwise, the directory is created.

    For script-based configuration you can use the -kspwd <password> option to allow tools to specify the keystore password on the command line. If it is not specified, the user is prompted to enter the password. A password supplied on the command line is visible in the process argument list and may be recorded in shell history or job logs.

    Use the -pwdmgr option to select a password manager implementation. Its usage is introduced later in this section.

    Use the -external-auth option to specify Kerberos as an external authentication service. This option is only available in the Oracle NoSQL Database EE version. If information for the Kerberos admin interface (e.g. password) is needed and no keytab or credential cache has been specified on the command line, an interactive version of the securityconfig config create utility will run.

    Using the -external-auth flag allows Oracle NoSQL Database to generate the security files needed for Kerberos authentication, based on a standard configuration. Although not recommended, it is possible to use a non-standard configuration. To do this, see Manually Registering Oracle NoSQL Database Service Principal.

  • -store-security enable

    Security will be used. You will need to configure security either by utilizing the security configuration utility or by copying a previously created configuration from another system.

    Note:

    The -store-security option is optional. If the user does not specify -store-security, security is enabled by default.
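
The directory conditions described for each -store-security mode can be checked before makebootconfig runs in a provisioning script. The following is an added example, not part of the Oracle documentation: the function name preflight_store_security and its return codes are hypothetical, and it assumes the security directory sits under the KV root and is named "security" unless another name is given with -secdir.

```shell
# Added example. Assumption: the security directory is <kvroot>/security
# unless a different name is passed (as with -secdir).
#
# preflight_store_security <kvroot> <mode> [secdir]
# Return codes (hypothetical convention for this example):
#   0  no documented warning or error applies to this mode
#   1  "configure" would hit the documented "directory already exists" error
#   2  proceed with care: a warning or a follow-up action applies
#   64 unknown mode or missing arguments
preflight_store_security() {
    if [ "$#" -lt 2 ]; then
        echo "usage: preflight_store_security <kvroot> <none|configure|enable> [secdir]" >&2
        return 64
    fi
    pf_path="$1/${3:-security}"
    case "$2" in
        none)
            # Documented: a warning is displayed if a "security" directory exists.
            if [ -d "$pf_path" ]; then
                echo "WARN: $pf_path exists but the store would run without security" >&2
                return 2
            fi
            ;;
        configure)
            # Documented: an existing security directory is an error.
            if [ -e "$pf_path" ]; then
                echo "ERROR: $pf_path already exists; makebootconfig would report an error" >&2
                return 1
            fi
            ;;
        enable)
            # Documented: the configuration must be created or copied separately.
            if [ ! -d "$pf_path" ] || [ -z "$(ls -A "$pf_path" 2>/dev/null)" ]; then
                echo "TODO: $pf_path is missing or empty; create or copy a security configuration" >&2
                return 2
            fi
            ;;
        *)
            echo "ERROR: unknown -store-security mode '$2'" >&2
            return 64
            ;;
    esac
    return 0
}

# Example gate in a provisioning script:
# preflight_store_security "$KVROOT" configure || exit 1
```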

For more information on configuring security with makebootconfig, see Adding Security to a New Installation.