Top-level parameters

The following top-level parameters can be set in the security.xml file:

  • internalAuth

    Specifies how internal systems authenticate. This parameter must be set to SSL.

  • keystore

    Identifies the keystore file within the security directory. This parameter is normally set to store.keys.

  • keystoreType

    Identifies the type of keystore that the keystore property references. If not set, the JKS keystore type is used by default.

  • keystoreSigPrivateKeyAlias

    Specifies the keystore alias that identifies the keypair used by replication nodes to create signatures. If not specified, the alias "shared" is used.

  • truststoreSigPublicKeyAlias

    Specifies the truststore alias that identifies the certificate used by replication nodes to verify signatures. If not specified, the alias "mykey" is used.

  • securityEnabled

    To enable security, this parameter must be set to true.

  • certMode

    Specifies the key/certificate management model in use. This must be set to "shared".

  • truststore

    Identifies the truststore file within the security directory. This is normally set to store.trust.

  • truststoreType

    Identifies the type of keystore that the truststore property references. If not set, the JKS keystore type is used by default.

  • walletDir

    Identifies a directory within the security directory that contains a wallet password store, which in turn holds the password for the keystore.

  • passwordFile

    Identifies a file within the security directory that contains a file password store, which in turn holds the password for the keystore.

  • krbServiceName

    Specifies the service name of the Oracle NoSQL Database Kerberos service principal.

  • krbInstanceName

    Specifies the service principal instance name.

  • krbServiceKeytab

    Specifies the keytab file name in the security directory that contains the KVStore server service principal and an encrypted copy of the principal’s key.

  • krbConf

    Specifies the location of the Kerberos configuration file that contains the default realm and KDC information. If not specified, the default value is /etc/krb5.conf.

  • krbRealmName

    Specifies the realm name of the service principal. If not specified, this value is acquired from the Kerberos configuration file.

  • userExternalAuth

    Specifies and enables the external mechanism used for authentication. Kerberos is supported. Set the value to KERBEROS to enable Kerberos authentication. To remove Kerberos authentication from a running store, set the value to NONE.
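
A configuration check built from the rules in this list, as an added example that is not part of the product or its documentation: it flags parameters that break the stated "must be set to" rules and fills in the documented defaults for unset parameters. It assumes the parameters appear as `<property name="..." value="..."/>` elements and that values compare case-insensitively; the function names and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values this reference says are mandatory (case-insensitive match is an assumption).
REQUIRED = {"internalAuth": "ssl", "securityEnabled": "true", "certMode": "shared"}
# Defaults this reference documents for parameters that are left unset.
DEFAULTS = {
    "keystoreType": "JKS", "truststoreType": "JKS",
    "keystoreSigPrivateKeyAlias": "shared",
    "truststoreSigPublicKeyAlias": "mykey", "krbConf": "/etc/krb5.conf",
}
# Only the userExternalAuth values named in this reference.
EXTERNAL_AUTH = {"KERBEROS", "NONE"}

def load_params(xml_text):
    """Collect name/value pairs from <property> elements (assumed layout)."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): p.get("value", "") for p in root.iter("property") if p.get("name")}

def audit(xml_text):
    """Return (effective_params, findings) for one security.xml document."""
    params = load_params(xml_text)
    findings = []
    for name, want in REQUIRED.items():
        got = params.get(name)
        if got is None:
            findings.append(f"{name}: missing, must be {want}")
        elif got.strip().lower() != want:
            findings.append(f"{name}: is {got!r}, must be {want}")
    ext = params.get("userExternalAuth")
    if ext is not None and ext.strip().upper() not in EXTERNAL_AUTH:
        findings.append(f"userExternalAuth: {ext!r} is not KERBEROS or NONE")
    effective = {**DEFAULTS, **params}  # explicit settings override defaults
    return effective, findings

# Constructed sample, not a real deployment's file.
SAMPLE = """<config>
  <property name="securityEnabled" value="true"/>
  <property name="internalAuth" value="clear"/>
  <property name="keystore" value="store.keys"/>
  <property name="truststore" value="store.trust"/>
  <property name="userExternalAuth" value="LDAP"/>
</config>"""

if __name__ == "__main__":
    effective, findings = audit(SAMPLE)
    for finding in findings:
        print("FINDING", finding)
    print("effective keystoreType:", effective["keystoreType"])
```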