Hi Satyajit,
Ignite does not provide role-based access control, only authentication.
Some vendors have plugins/forks where this is available, though.
Pavel
On Fri, Aug 18, 2023 at 5:48 AM wrote:
> Hi Pavel,
>
>
>
> We have a requirement where we are loading static da
Hi Pavel,
We have a requirement where we are loading static data into Ignite cache
as SQL tables using Ignite .NET library. As per document we can enable
authentication if persistence is enabled for one data region.
How can we extend the security in Ignite .NET
t; I've reproduced it for 2.11. In case of turned on authentication, thick
>> clients won't connect until you enable persistence for them. Because thick
>> clients have no persistence, you can use it like a workaround. Certainly,
>> it looks like a bug.
>>
>> пт, 1
Hi,
I created a ticket about this problem:
https://issues.apache.org/jira/browse/IGNITE-15969
пт, 19 нояб. 2021 г. в 22:46, Shishkov Ilya :
> Hi,
> I've reproduced it for 2.11. In case of turned on authentication, thick
> clients won't connect until you enable persistence for them. Beca
Hi,
I've reproduced it for 2.11. In case of turned on authentication, thick
clients won't connect until you enable persistence for them. Because thick
clients have no persistence, you can use it like a workaround. Certainly,
it looks like a bug.
пт, 19 нояб. 2021 г. в 16:42, Ganguly Gundeboina
queue limit is set to 0 which may lead to potential
OOMEs when running cache operations in FULL_ASYNC or PRIMARY_SYNC modes due
to message queues growth on sender and receiver sides.
[18:03:49] Security status [authentication=on, sandbox=off, tls/ssl=off]
Nov 19, 2021 6:03:50 PM
Thick clients don’t need to authenticate, but they do need to have the same
authentication settings as the server nodes, i.e., set
IgniteConfiguration#setAuthenticationEnabled(true).
> On 19 Nov 2021, at 11:28, Ganguly Gundeboina wrote:
>
> Hi Pavel,
>
> Yes, we have enabled
Hi Pavel,
Yes, we have enabled authentication on server nodes only.
We could provide user credentials for thin clients, so thin clients are
able to connect to the cluster after setting username and password at
client side.
But not able to set user credentials for thik clients, So we have
r
> [ignoredFailureTypes=UnmodifiableSet [SYSTEM_WORKER_BLOCKED,
> SYSTEM_CRITICAL_OPERATION_TIMEOUT
> [14:47:53] Message queue limit is set to 0 which may lead to potential
> OOMEs when running cache operations in FULL_ASYNC or PRIMARY_SYNC modes due
> to message queues growth on sen
Gangaiah, this exception means that authentication is disabled on the
thick client and enabled on the cluster it was trying to connect to.
Enable authentication on the thick client and the problem should be solved.
--
Mikhail
On 2021/11/17 17:56:13 Ganguly Gundeboina wrote:
> Hi Ignit
4:47:53] Message queue limit is set to 0 which may lead to potential
OOMEs when running cache operations in FULL_ASYNC or PRIMARY_SYNC modes due
to message queues growth on sender and receiver sides.
[14:48:03] Security status [authentication=off, sandbox=off, tls/ssl=off]
[14:48:05] REST protoco
PM, Ganguly Gundeboina пишет:
Hi Igniters,
We recently started using Ignite version 2.11.0 (native persistence
enabled) with authentication enabled. When am trying to connect to
cluster using thick client, getting error as below. This was not there
with earlier version. I have checked
https
Hi Igniters,
We recently started using Ignite version 2.11.0 (native persistence
enabled) with authentication enabled. When am trying to connect to cluster
using thick client, getting error as below. This was not there with earlier
version. I have checked
https://ignite.apache.org/docs/latest
still throws the same Authentication Failed error (as given in my
> previous post) after executing authenticateNode.
>
> The another thing that bothers me is that validateNode is not being invoked
> when the second server node is started. I am still stuck with this issue.
>
>
>
&g
it to my security context and return the
same. It still throws the same Authentication Failed error (as given in my
previous post) after executing authenticateNode.
The another thing that bothers me is that validateNode is not being invoked
when the second server node is started. I am still stuck
Hi Sankar,
What Andei said is correct. We need to return a security subject. I faced
this problem and solved it like this :
*1. Create your own SecurityPermissionSet class that implements
org.apache.ignite.plugin.security.SecurityPermissionSet .*
/public class TestSecurityPermissionSet
Hi,
It's correct that SecurityContext is null in your case:
SecurityContext subj = spi.nodeAuth.authenticateNode(node, cred);
if (subj == null) {
// Node has not pass authentication.
LT.warn(log, "Authentication failed [nodeId=" + node.id() +
I have implemented custom authentication and authorization through a plugin.
/public class MyPlugin implements GridSecurityProcessor, IgnitePlugin {/
Implemented authenticateNode method which bypasses authentication for server
nodes and returns a security context instance. validateNode
Hi Andrei,
thank you for the details.
Kurt
From: Andrei Aleksandrov
Sent: Tuesday, September 17, 2019 10:50 AM
To: user@ignite.apache.org
Subject: Re: Authentication
External Email: Use caution in opening links or attachments.
Hi Kurt,
Yes, you can create new users via SQL as was mentioned
From:*Andrei Aleksandrov
*Sent:* Monday, September 16, 2019 12:13 PM
*To:* user@ignite.apache.org
*Subject:* Re: Authentication
*External Email:*Use caution in opening links or attachments.
Hi,
I guess that here Ignite has some documentation gap. Advanced security
out of the box will work only with
: Andrei Aleksandrov
Sent: Monday, September 16, 2019 12:13 PM
To: user@ignite.apache.org
Subject: Re: Authentication
External Email: Use caution in opening links or attachments.
Hi,
I guess that here Ignite has some documentation gap. Advanced security out of
the box will work only with thin
Hi,
I guess that here Ignite has some documentation gap. Advanced security
out of the box will work only with thin connections like webconsole,
ODBC/JDBC, etc.
To get cluster node authentication you should add GridSecurityProcessor
implementation:
https://apacheignite.readme.io/docs
Hi all,
I used the web-console to auto-generate some code and then extended the
ServerNodeCodeStartup.java class according to the documentation to enable
authentication (which requires to enable persistence) like this:
public static void main(String[] args) throws Exception
Hello!
You know, there's an even simpler method of authentication. Just use TLS,
have a CA which only signs certificates of trusted nodes. Anyone without a
certificate can't join cluster.
Regards,
--
Ilya Kasnacheev
ср, 12 июн. 2019 г. в 11:09, Jeff Jiao :
> I tried to implement the plu
I tried to implement the plugin but stuck at specify SecurityCredentials when
Ignite node start up, I cannot find any useful information here how to
specify it.
But I find one Ignite user posted a doable and much easier way to implement
Ignite authentication, if anyone wants to do this, you can
Thanks Mikael! I will have a try.
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
class="org.apache.ignite.configuration.DataRegionConfiguration">
value="#{10L * 1024 * 1024}"/>
Den 2019-06-04 kl. 10:34, skrev Jeff
Hi Igniters,
We want to enable the authentication feature for our Ignite cluster, but
currently, it still requires us to enable Ignite native persistence which is
not suitable for our use case.
Is there a way to enable persistence in IgniteConfiguration but disabled for
all the caches inside
Hello!
You need at least one persistent region AFAIK, and it may be quite small
just for authentication needs.
Regards,
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
you have to create a plugin or buy - ent solution !
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Hello!
As far as my understanding goes, Apache Ignite authentication only affects
thin clients (such as JDBC or native Python/PHP/C# client).
You can add authorization include client node join checks, but that will
require custom plugin implementation.
See https://apacheignite.readme.io/docs
Hi,
I have started the ignite servers by enabling ignite authentication, so
ignite is creating username and password.
I want to know how to pass the username and password in the client
configuration file(.xml), so that it talks to server.
Regards
radha
Thanks for sharing the command.
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Hello!
ALTER USER "ignite" WITH PASSWORD 'new_passwd'
Regards,
--
Ilya Kasnacheev
вт, 11 дек. 2018 г. в 14:14, radha :
> Thanks for you reply.
> I have enabled authentication.
> Let me put my understanding,
> superuser [deafult user created by ignite while de
Thanks for you reply.
I have enabled authentication.
Let me put my understanding,
superuser [deafult user created by ignite while deploying ignite] cannot be
changed before/after deploying ignite.
There is an option to change the superuser password using alter command
after deploying the ignite
Refer to advanced security section:
https://apacheignite.readme.io/docs/advanced-security
Currently you have to enable persistence and create/modify users via SQL.
Regards,
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Hi,
When authentication is enabled, Can the user be able to provide his own
username and password which overrides the default username and password?
If so, can these credentials be provided through ignite_config.xml? and
how?
Thanks
With Regards
Krupa
--
Sent from: http://apache-ignite
Hi Denis,
Sorry for comming late on this topic. I have written a custom plugin and
was to able to load. Can you please help in answering the below queries:
1. GridSecurityProcessor interface is used only for authorization or for
Authentication also?
2. Can we provide custom
Hi,
Ignite persistence is required only if you're planning to use Ignite
authentication [1]. This step is optional if you're planning to implement
your own plugin.
[1]
https://apacheignite.readme.io/docs/advanced-security#section-enable-authentication
--
Denis
On Fri, Nov 2, 2018 at 6:25 PM
Hi,
In the Apache ignite documentation, it is mentioned when authentication is
enabled, then persistence has to be enabled.
Can we enabled 3rd party persistence or does it need to be IGFS?
Does persistence need to be enabled even for Custom authentication plugin?
There is a requirement for us
Hi,
1)According to advanced security that provided by default:
https://apacheignite.readme.io/docs/advanced-security
It will provide the possibility to create/drop/alter the users. Also, it
provides the only simple authentification with the password.
Note that it required the persistence and .
Hello,
I would like to implement authentication for all the nodes of the cluster
(client and server should provide username and password to join the cluster). I
tried to use the latest version 2.5, which the documentation claims to provide
authentication, but it doesn't implement it for all
Stan,
I think that we should add support for authentication in control.sh
One more tool will confuse Ignite users.
On Tue, May 22, 2018 at 3:53 AM, Stanislav Lukyanov <stanlukya...@gmail.com>
wrote:
> Hi,
>
>
>
> Ignite doesn’t provide built-in support for authentic
at 11:53 PM, Stanislav Lukyanov <stanlukya...@gmail.com
> wrote:
> Hi,
>
>
>
> Ignite doesn’t provide built-in support for authentication, so the
> built-in control.bat/sh also don’t have stubs for that.
>
> So yes, I guess you need to write your own tool.
>
>
Hi,
Ignite doesn’t provide built-in support for authentication, so the built-in
control.bat/sh also don’t have stubs for that.
So yes, I guess you need to write your own tool.
A tool like that would be pretty simple though – just start a client node,
parse command line arguments and
map them
Hi guys,
I configured Ignite user/password authentication by adding custom plugin.
It works fine in server/client nodes and visor but I can't find any auth
support in control.bat
I checked it's source code and don't see any place where I can provide
credentials.
Should I write my own control
Hi all,
I am reviving this thread because as far as I can tell the initial question
was not answered, and I am hitting the same problem:
"* when a node starts up it needs to fetch the local password and store it
in it's own configuration "
... and I can't figure out how to do that?? The only
Hi, this can be done by implementing security in Java and setting it up via
Spring config xml
and IgniteConfiguration.SpringConfigUrl in .NET.
There is no direct support yet.
On Fri, May 12, 2017 at 5:16 PM, virs <apps.v...@gmail.com> wrote:
> Hi,
>
> I am trying to implement
Hi,
I am trying to implement authentication from .Net/C# client but could not
find any straight forward way to do that. Though Java api provides method
like setSecurityCredentialsProvider for ignite configuration. It seems its
not there for .Net API.
It will be really helpfull if someone can
in context:
http://apache-ignite-users.70518.x6.nabble.com/REST-API-authentication-tp11299p11308.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.
Hello,
How is authentication handled for REST API? What is required to set up HTTPS?
Thanks
Ivan
to *DiscoverySpiNodeAuthenticator.authenticateNode()* as
*SecurityCredentials*.
On Mon, Mar 6, 2017 at 3:25 PM, conor <conor.grif...@mastercard.com> wrote:
> Hi, I'm trying to implement authentication for an ignite cluster. I've
> read
> the blog post mentioned in other post
Hi, I'm trying to implement authentication for an ignite cluster. I've read
the blog post mentioned in other posts here but it's incomplete and also
quite old so I was hoping for some guidance. (blog post:
http://smartkey.co.uk/development/securing-an-apache-ignite-cluster/)
The authentication
Hi,
Authentication process protects access to grid in first, but authorization
allow to determine list of authorized permissions.
In other word you can have some clients with difference rights. Any user
can have or have not permission to grid functionality. Description of the
permission you can
te would
be deployed on a private aws network (VPC)? I do not foresee a need of
having client authentication but just wanted to know your thoughts.
--
View this message in context:
http://apache-ignite-users.70518.x6.nabble.com/Node-authentication-using-security-credentials-tp6853p6976.html
Sent from the
mething?
>
> Thanks!
>
>
>
> --
> View this message in context: http://apache-ignite-users.
> 70518.x6.nabble.com/Node-authentication-using-security-
> credentials-tp6853.html
> Sent from the Apache Ignite Users mailing list archive at Nabble.com.
>
--
Vladislav Pyatkov
ve checked if required ports are opened and increased
TcpDiscoverySpi.networkTimeout and verified. But issue still persists.
--
View this message in context:
http://apache-ignite-users.70518.x6.nabble.com/Start-node-in-remote-server-which-needs-authentication-tp6668p6855.html
Sent from the Apache Ig
ntext:
http://apache-ignite-users.70518.x6.nabble.com/Node-authentication-using-security-credentials-tp6853.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.
; --
> View this message in context: http://apache-ignite-users.
> 70518.x6.nabble.com/Start-node-in-remote-server-which-
> needs-authentication-tp6668p6796.html
> Sent from the Apache Ignite Users mailing list archive at Nabble.com.
>
That is the issue I am facing. I am not able to load my key in pem file to
jks as it expects certificate along with it. Anyway I can get this working?
--
View this message in context:
http://apache-ignite-users.70518.x6.nabble.com/Start-node-in-remote-server-which-needs-authentication
e.org<mailto:user@ignite.apache.org>"
<user@ignite.apache.org<mailto:user@ignite.apache.org>>
Date: Friday, August 5, 2016 at 4:28 PM
To: "user@ignite.apache.org<mailto:user@ignite.apache.org>"
<user@ignite.apache.org<mailto:user@ignite.apache.org>>
ype=node=6789=0>>
> Date: Friday, August 5, 2016 at 3:03 PM
> To: "Chetan.V.Yadav" <[hidden email]
> <http:///user/SendEmail.jtp?type=node=6789=1>>
> Subject: Re: Start node in remote server which needs authentication
>
> Are you sure, which start I
al?
> --
> Regards,
> Chetan.
>
> From: "vdpyatkov [via Apache Ignite Users]" <[hidden email]
> <http:///user/SendEmail.jtp?type=node=6777=0>>
> Date: Friday, August 5, 2016 at 11:33 AM
> To: "Chetan.V.Yadav" <[hidden email]
> <h
n.v.ya...@target.com<mailto:chetan.v.ya...@target.com>>
Subject: Re: Start node in remote server which needs authentication
Hello,
I don't think, which it is OS issue.
Difficult understand to me where are you problem, without any demonstration.
Can you please provide code example or full c
users.
> 70518.x6.nabble.com/Start-node-in-remote-server-which-
> needs-authentication-tp6668p6770.html
> Sent from the Apache Ignite Users mailing list archive at Nabble.com.
>
--
Vladislav Pyatkov
-server-which-needs-authentication-tp6668p6770.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.
e-users.
> 70518.x6.nabble.com/Start-node-in-remote-server-which-
> needs-authentication-tp6668p6762.html
> Sent from the Apache Ignite Users mailing list archive at Nabble.com.
>
--
Vladislav Pyatkov
--
View this message in context:
http://apache-ignite-users.70518.x6.nabble.com/Start-node-in-remote-server-which-needs-authentication-tp6668p6762.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.
ite.sh: 83: [: unexpected operator
> bin/ignite.sh: 93: bin/ignite.sh: [[: not found
> bin/ignite.sh: 147: [: 0: unexpected operator
> bin/ignite.sh: 168: bin/ignite.sh: : Permission denied
>
>
>
> --
> View this message in context: http://apache-ignite-users.
> 70518.x
bin/ignite.sh: 147: [: 0: unexpected operator
bin/ignite.sh: 168: bin/ignite.sh: : Permission denied
--
View this message in context:
http://apache-ignite-users.70518.x6.nabble.com/Start-node-in-remote-server-which-needs-authentication-tp6668p6760.html
Sent from the Apache Ignite Users mailing
in these nodes as soon
as I start it?
--
View this message in context:
http://apache-ignite-users.70518.x6.nabble.com/Start-node-in-remote-server-which-needs-authentication-tp6668p6704.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.
that starts the
node.
I do not want to ssh through my terminal and everything needs to be
programmatically driven just like how I do it from my local.
--
View this message in context:
http://apache-ignite-users.70518.x6.nabble.com/Start-node-in-remote-server-which-needs-authentication-tp6668p6695
SSL-related documentation:
http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html
-Val
--
View this message in context:
http://apache-ignite-users.70518.x6.nabble.com/Start-node-in-remote-server-which-needs-authentication-tp6668p6681.html
Sent from the Apache Ignite Users
for obvious reasons it asks me to
"make sure IP finder addresses are correct and firewalls are disabled on all
host machines". So, please suggest me the way to start node in this remote
machine with authentication using .pem file/ any other alternate approach.
Also, I access data loade
Start command essentially connects to the remote host using SSH and executes
ignite.sh script there. Username and password here are for SSH connection.
-Val
--
View this message in context:
http://apache-ignite-users.70518.x6.nabble.com/visor-command-line-authentication-tp3395p3405.html
Sent
ame and password I need to provide as they
are not optional parameters.
Thanks for taking a look.
--
View this message in context:
http://apache-ignite-users.70518.x6.nabble.com/visor-command-line-authentication-tp3395p3403.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.
76 matches
Mail list logo
