Enable User Authentication

To enable user authentication with SQLFire, you must use a SQLFire locator for member discovery. SQLFire uses mutual authentication between the SQLFire locator and subsequent SQLFire members that boot and join the distributed system. User authentication is not supported if you use multicast for member discovery.

Procedure


  1. For each member of the SQLFire cluster (servers, locators, and accessors), set the sqlfire.auth-provider property to enable user authentication and to specify the mechanism that SQLFire uses to authenticate users.

    For servers and locators, specify -auth-provider=provider_name at the command line, or define the sqlfire.auth-provider=provider_name property in the sqlfire.properties file.

    For development and testing only, specify BUILTIN as the provider name to use the SQLFire built-in authentication mechanism. For production purposes, specify LDAP to use an existing LDAP repository, or specify the name of a custom provider class that implements the UserAuthenticator interface.

  2. Configure user credentials in your specified authentication provider. See Creating Users for BUILTIN Authentication or Configuring LDAP Directory Service.

    Note: If you start a SQLFire system with user authentication enabled but without defining at least one user, you cannot shut down the whole system at once with sqlf shut-down-all. To create users, see Creating Users for BUILTIN Authentication or Configuring LDAP Directory Service.
  3. Start one or more SQLFire locators with the authorization configuration, before starting any additional SQLFire data stores or accessors.

    When using BUILTIN authentication, the locator must define all system user accounts as well as the authentication provider for the distributed system as a whole. SQLFire uses the specified provider and users to perform mutual authentication when new members attempt to join the distributed system.

  4. When shutting down the distributed system, use sqlf shut-down-all with authenticated user credentials. As an alternative, shut down individual SQLFire data stores and accessors before shutting down the SQLFire locator member by specifying sqlf shut-down-all with the -skip-locators option.

Example

The following sqlfire.properties entries show a SQLFire member that is configured to use SQLFire built-in authentication:

    sqlfire.auth-provider=BUILTIN
    mcast-port=0

The mcast-port=0 entry indicates that multicast is not used in the SQLFire distributed system. You must also supply valid locator properties when starting the SQLFire server, along with the credentials for a SQLFire user, as described in Creating Users for BUILTIN Authentication.
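
As an added illustration (not part of the SQLFire documentation), the following Python script audits the sqlfire.properties text of several members against the rules above: every member sets sqlfire.auth-provider, all members agree on it, BUILTIN is flagged outside development and testing, and mcast-port is 0. The member names and file contents are constructed samples, and treating the provider name case-insensitively is an assumption.

```python
# Added example: audit sqlfire.properties text for the rules on this page.
# Member names and file contents in SAMPLE are constructed data.

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and #/! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_member(name, text, production=True):
    """Return the findings for one member's properties text."""
    props = parse_properties(text)
    findings = []
    provider = props.get("sqlfire.auth-provider")
    if not provider:
        findings.append(f"{name}: sqlfire.auth-provider is not set in this file")
    elif provider.upper() == "BUILTIN" and production:  # case-insensitivity is assumed
        findings.append(f"{name}: BUILTIN is for development and testing only")
    if props.get("mcast-port") != "0":
        findings.append(f"{name}: mcast-port is not set to 0; user authentication "
                        "is not supported with multicast discovery")
    return findings

def audit_cluster(members, production=True):
    """members maps a member name to the text of its sqlfire.properties."""
    findings, providers = [], set()
    for name, text in sorted(members.items()):
        findings += audit_member(name, text, production)
        providers.add(parse_properties(text).get("sqlfire.auth-provider"))
    if len(providers) > 1:
        findings.append("cluster: members do not agree on sqlfire.auth-provider")
    return findings

SAMPLE = {
    "locator1": "sqlfire.auth-provider=LDAP\nmcast-port=0\n",
    "server1": "# test box\nsqlfire.auth-provider=BUILTIN\nmcast-port=0\n",
    "server2": "mcast-port=10334\n",
}

if __name__ == "__main__":
    for finding in audit_cluster(SAMPLE):
        print(finding)
```

Settings passed at the command line, such as -auth-provider=provider_name, are not visible to a file-based check like this one.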