epadmin-realm
epadmin realm target — Backs up, restores, and administers local authentication realms.
DESCRIPTION
A security realm is a set of configured security providers, users, groups, security roles, and security policies that provide authentication of users and machines and manage authorization or rights to use resources. Nodes can be configured to use one or more security realms or use the simple default realm. The Spotfire Streaming security model is documented in StreamBase Security Model.
Use the epadmin realm target to view the current set of realms active for the specified nodes, to back up and restore a realm's settings, and to get and set realms for activation.
The realm target has five commands:
The designation [ in syntax examples is a reminder that this command requires either the global parameter sn|ad]‑‑servicename or the ‑‑adminport and ‑‑hostname combination to identify the node or cluster of interest.
epadmin backup realm
Backs up a local authentication realm to a file.
epadmin[backup realm --file=defaultRealm.backup epadminsn|ad][backup realm --name=myLocalAuthRealm --file=localAuth.backupsn|ad]
| Command Parameter | Description | Required |
|---|---|---|
name |
Realm name. | No. Default value is default-realm.
|
|
Client-side file name path. | Yes. |
epadmin display realm
Displays information lines about the currently active realms for a node.
epadmin[display realm epadminsn|ad][display realm --name=myLocalAuthRealmsn|ad]
Example output:
[B.sbuser] Realm Name = default-realm [B.sbuser] Realm Type = local authentication realm [B.sbuser] Referenced By = (node administration)
| Command Parameter | Description | Required |
|---|---|---|
name |
Realm name. | No. The default is to display all realms. |
epadmin getadmin realm
Returns the authentication realm currently being used for node administration. This is useful when more than one realm is configured for a node.
epadmin [sn|ad] getadmin realmepadmin restore realm
Restores a local authentication realm settings from a backup file made with backup realm. This command replaces the entire configuration of the specified realm with the contents of the backup.
epadmin[restore realm --file=/opt/backups/realm.backup epadminsn|ad][restore realm --file=/opt/backups/realm.backup --name=myLocalAuthRealmsn|ad]
| Command Parameter | Description | Required |
|---|---|---|
file |
Path to a backup file made with backup realm. | Yes. |
name |
Realm name. | No. Default value is default-realm.
|
epadmin setadmin realm
For a node with more than one local authentication realm activated, sets which realm is to be the primary administration realm going forward.
The user specified with the --newrealmusername parameter must have administrator privileges (described in Role to Privilege Authorization) in the new authentication realm being set for node administration, otherwise the command fails. This ensures that there
is at least one user in the new realm that has node administration privileges.
If the new realm has the current OS user name defined as administrator (just as the default realm does), then you only need
to specify --newrealmpassword. The make this practical, especially if your alternate configuration requires passwords, first change the password for the
default user in the active default realm with epadmin change password. Then specify the same password in your alternate realm's configuration file. See Replacing the Default Realm.
epadmin[setadmin realm epadminsn|ad][setadmin realm --newrealmusername=administrator --newrealmpassword=supersecret epadminsn|ad][setadmin realm --newrealmusername=administrator // password prompt displayed epadminsn|ad][setadmin realm --name=myLocalAuthRealmsn|ad]
| Command Parameter | Description | Required |
|---|---|---|
name |
New realm name. | No. Default value is default-realm.
|
newrealmpassword |
Administration user password in the new authentication realm. | No. Default value is an empty password. If not specified, and newrealmusername is specified, a password prompt is displayed.
|
newrealmusername |
Administration user in the new authentication realm. | No. Default value is operating system user executing command. |