1. Security Guide
  2. Authentication in TimesTen
  3. Membership Services Access Control

Membership Services Access Control

In TimesTen Scaleout, all ZooKeeper connections for membership services have world permission by default, so it is important to limit this access to an authenticated user.

This user name applies to all grid instances connecting to ZooKeeper and to the zkCli command-line utility. Lack of a specified user name and password is supported for backward compatibility only.

Specify the ZooKeeper user name through the -membershipUser option of the ttGridAdmin gridCreate or gridModify command. When you specify the user name on thettGridAdmin command line, you are prompted to enter the password. For example: 

% ttGridAdmin gridModify -membershipUser pat
Enter membership password: zk_pwd
Password accepted
Grid Definition modified.

This will result in the ZooKeeper access control list being defined accordingly on each node. Changes to the user name and password will take effect with the next ttGridAdmin modelApply command, at which time ZooKeeper connections on all grid instances are re-authenticated (which may cause a brief disconnection from membership services).

The membership services user name and password are stored in an Oracle Wallet. You can specify the path to the location of the wallet on each instance of a grid (including management instances) by using the ttGridAdmin gridCreate -walletDir option. After creation of the grid, you can use the ttGridAdmin instanceCreate -walletDir option to specify a different wallet location for the standby management instance or any data instance. The default wallet location is timesten_home/info. The ttGridAdmin modelApply command will send new wallets to all new instances. (The same wallet is also used to store credentials for TimesTen Scaleout administration, the password of the Oracle cache administration user, and other internal TimesTen credentials.)

See Setting Up the Membership Service in Oracle TimesTen In-Memory Database Scaleout User's Guide. Use of zkCli is shown in Start the ZooKeeper Servers and Managing a Development or Test Environment.

See Create a Grid (gridCreate) and Modify Grid Settings (gridModify) in Oracle TimesTen In-Memory Database Reference.