The following epadmin targets allow you to administer various aspects of a node's security configuration, and let you reconfigure settings while
the node is running. See epadmin help
targetname for usage information about each target.
Use any of the following commands to understand the current security configuration of a running node, specifying either the node's --adminport or --servicename:
|epadmin display security|
|epadmin display configuration|
|epadmin display realm|
|epadmin display user|
Activating a realm configuration with the epadmin activate configuration command creates the realm; deactivating the realm configuration with epadmin deactivate configuration removes it. You can change the current configuration by activating a new version.
The StreamBase Runtime supports live update of realm configurations. That is, you can activate a new version of a realm configuration version and all authentication and authorization using that realm automatically begin using the new version without requiring an engine restart. Use epadmin load configuration to upload a new configuration file with the same HOCON type and name, but an incremented version string. Then deactivate the current configuration and activate the new one.
Each realm has a unique name. Attempts to activate a configuration containing a different realm with the same name as an existing realm fails.
Realms are referenced by the listener configurations that use them, and by the node administration engine. Attempts to deactivate the configuration of a realm that is referenced fails.
A node can have any number of active realm configurations, except for Kerberos realms, which allow only one.
When updating a Local Admin Realm, the initialPrincipals in the updated version must be identical to those in the original realm. Otherwise validation of the realm fails.
The following epadmin security target commands are deprecated as of StreamBase 10.3.0. They can continue to be executed, but are not visible in online help:
|display security --type (authenticationsources | audit | principals) only|
The LocalAdminAuthenticationRealm root object in the
security configuration type is deprecated as of the 10.3.0 release. Existing configurations can be loaded and activated on nodes,
but TIBCO encourages you to migrate to the LocalAdminRealm configuration.
LocalAuthenticationRealm root object in the
security configuration type deprecates the
principals property in favor of