Hawkin
/
arangodb
mirror of https://gitee.com/bigwinds/arangodb
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add jwt secret authentication

This commit is contained in:
Andreas Streichardt 2016-11-18 14:30:24 +01:00
parent a83dec91c6
commit d0bb298d95
2 changed files with 13 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
Documentation/Books/Manual/Administration/Configuration/Cluster.mdpp
View File

@ -99,44 +99,3 @@ for the server's id, ArangoDB will refuse to start.
``` ```
--cluster.my-address tcp://192.168.1.1:8530 --cluster.my-address tcp://192.168.1.1:8530
``` ```
!SUBSECTION Username
<!-- arangod/Cluster/ApplicationCluster.h -->
Username used for cluster-internal communication:
`--cluster.username username`
The username used for authorization of cluster-internal requests.
This username will be used to authenticate all requests and responses in
cluster-internal communication, i.e. requests exchanged between
coordinators and individual database servers.
This option is used for cluster-internal requests only. Regular requests
to coordinators are authenticated normally using the data in the *_users*
collection.
If coordinators and database servers are run with authentication turned
off, (e.g. by setting the *--server.authentication* option to *false*),
the cluster-internal communication will also be unauthenticated.
!SUBSECTION Password
<!-- arangod/Cluster/ApplicationCluster.h -->
Password used for cluster-internal communication:
`--cluster.password password`
The password used for authorization of cluster-internal requests.
This password will be used to authenticate all requests and responses in
cluster-internal communication, i.e. requests exchanged between
coordinators and individual database servers.
This option is used for cluster-internal requests only. Regular requests
to coordinators are authenticated normally using the data in the `_users`
collection.
If coordinators and database servers are run with authentication turned
off, (e.g. by setting the *--server.authentication* option to *false*),
the cluster-internal communication will also be unauthenticated.

12
Documentation/Books/Manual/Administration/Configuration/GeneralArangod.mdpp
View File

@ -164,6 +164,18 @@ generator and the Mersenne Twister.
@startDocuBlock server_authentication @startDocuBlock server_authentication
!SUBSECTION JWT Secret
`--server.jwt-secret secret`
ArangoDB will use JWTs to authenticate requests. Using this option lets
you specify a JWT.
In single server setups and when not specifying this secret ArangoDB will
generate a secret.
In cluster deployments which have authentication enabled a secret must
be set consistently across all cluster tasks so they can talk to each other.
!SUBSECTION Enable/disable authentication for UNIX domain sockets !SUBSECTION Enable/disable authentication for UNIX domain sockets