CDV ❯ Client security issue with Advanced Security documentation
Documentation
Status: Resolved
2 Major
Resolution: Fixed
Reporter: mmoldenh
December 05, 2012
0
Watchers: 3
January 21, 2013
January 21, 2013
Description
In the “Enabling SSL on Terracotta Clients-Create a Keychain Entry” section here (http://terracotta.org/documentation/bigmemorymax/terracotta-server-array/tsa-security) it says “where user must match the value configured in
The example shows the user name as “server1”, but if we are following the previous documentation in the “Configure Server Security” section it would be “server1username”.
This alone is confusing. However, neither of these works and I get an exception like so: Caused by: java.lang.NullPointerException: KeyChain password for tc://[email protected]:9510 is null
When I change it to use the client username, “client1username”, it works fine. I think the documentation should tell you to run:
“bin/keychain.sh -c clientKeychainFile tc://[email protected]:9510”
Also, the “where user must match the value configured in
The documentation also refers to the client username as “client1username” in one section and “tcclient” in another section. This should be cleaned up.
Comments
Fiona OShea 2013-01-21
ilevy 2013-01-21
Thanks for the feedback – that page is undergoing a complete overhaul. For now, here’s that section you referred to, updated with respect to the meaning of the client name.
h2. Create a Keychain Entry
The Terracotta client should have a keychain file with an entry for every Terracotta server in the cluster. The format for the entry uses the “tc” scheme:
tc://<client-username>@<host>:<tsa-port>
An entry for the server in the example configuration should look like the following:
tc://[email protected]:9510
Use the keychain script in the Terracotta kit to add the entry:
bin/keychain.sh clientKeychainFile tc://[email protected]:9510
If the keychain file does not already exist, use the `-c` flag to create it:
bin/keychain.sh -c clientKeychainFile tc://[email protected]:9510
If creating the keychain file, you will be prompted for a master password.
This entry in the client’s keychain file serves as the key for the client’s password, and will be provided to the server along with the client username (“client1” in the example). These credentials must match those in the server’s .ini file.
Igal can you review the docs in relation to this Jira?
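A pre-flight check for the entry format in the updated "Create a Keychain Entry" section above, given as an added example that is not part of the ticket or the Terracotta kit. It flags the mistake reported here (an entry keyed by a server name instead of the client username) and lists servers that have no entry. The function names `check_entry` and `missing_entries` and the 192.0.2.x hosts are constructed for illustration, and the script checks the URIs an operator plans to pass to `keychain.sh`, not the keychain file itself.

```shell
#!/bin/sh
# Added example; function names, hosts and usernames are constructed.
# It checks the URIs an operator plans to pass to keychain.sh, not the keychain file.

# check_entry URI CLIENT_USER: prints "ok" or the reason the entry is unusable.
check_entry() {
    uri=$1; client_user=$2
    case $uri in
        tc://*@*:*) ;;
        *) echo "malformed: expected tc://<client-username>@<host>:<tsa-port>"; return 1 ;;
    esac
    rest=${uri#tc://}
    user=${rest%%@*}
    hostport=${rest#*@}
    host=${hostport%:*}
    port=${hostport##*:}
    case $port in ''|*[!0-9]*) echo "malformed: port must be numeric"; return 1 ;; esac
    [ -n "$host" ] || { echo "malformed: empty host"; return 1; }
    if [ "$user" != "$client_user" ]; then
        echo "wrong user '$user': the entry must use the client username '$client_user'"
        return 1
    fi
    echo ok
}

# missing_entries CLIENT_USER "host:port ..." "uri ...": prints each required URI with no entry.
missing_entries() {
    client_user=$1; servers=$2; entries=$3
    for s in $servers; do
        want="tc://$client_user@$s"
        found=no
        for e in $entries; do
            [ "$e" = "$want" ] && found=yes
        done
        [ "$found" = yes ] || echo "$want"
    done
}

# Constructed sample: two servers; the second entry is keyed by a server name by mistake.
SERVERS="192.0.2.10:9510 192.0.2.11:9510"
ENTRIES="tc://client1@192.0.2.10:9510 tc://server1@192.0.2.11:9510"
for e in $ENTRIES; do
    printf '%s -> %s\n' "$e" "$(check_entry "$e" client1 || true)"
done
missing_entries client1 "$SERVERS" "$ENTRIES" | sed 's/^/missing: /'
```

Once both checks come back clean, each URI is added with `bin/keychain.sh clientKeychainFile <uri>` as described in the section above.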