Contents
The following epadmin targets allow you
to administer various aspects of a node's security configuration, and let you
reconfigure settings while the node is running. See epadmin help targetname for usage information
about each target.
| configuration |
| password |
| realm |
| secret |
| security |
| user |
Use any of the following commands to understand the current security configuration of a running node, specifying either the node's --adminport or --servicename:
| epadmin display security |
| epadmin display configuration |
| epadmin display realm |
| epadmin display user |
Activating a realm configuration with the epadmin activate configuration command creates the realm; deactivating the realm configuration with epadmin deactivate configuration removes it. You can change the current configuration by activating a new version.
The StreamBase Runtime supports live update of realm configurations. That is, you can activate a new version of a realm configuration version and all authentication and authorization using that realm automatically begin using the new version without requiring an engine restart. Use epadmin load configuration to upload a new configuration file with the same HOCON type and name, but an incremented version string. Then deactivate the current configuration and activate the new one.
Each realm has a unique name. Attempts to activate a configuration containing a different realm with the same name as an existing realm fails.
Realms are referenced by the listener configurations that use them, and by the node administration engine. Attempts to deactivate the configuration of a realm that is referenced fails.
A node can have any number of active realm configurations, except for Kerberos realms, which allow only one.
Note
When updating a Local Admin Realm, the initialPrincipals in the updated version must be identical to those in the original realm. Otherwise validation of the realm fails.
The following epadmin security target commands are deprecated as of StreamBase 10.3.0. They can continue to be executed, but are not visible in online help:
| add security |
| display security --type (authenticationsources | audit | principals) only |
| export security |
| remove security |
| reset security |
| update security |
The following epadmin security target commands are deprecated as of StreamBase 10.4.0
| display security --type hosts |
Use epadmin display trusted instead.
The LocalAdminAuthenticationRealm root object in the security configuration type is deprecated as of the 10.3.0 release.
Existing configurations can be loaded and activated on nodes, but TIBCO encourages
you to migrate to the LocalAdminRealm configuration.
The LocalAuthenticationRealm root object in the
security configuration type deprecates the principals property in favor of initialPrincipals.