This chapter is from the book

5.11 The keyfile File

Authentication databases are repositories for maintaining user credentials. These credentials can be used to validate a user before granting access to resources on the Web Server. Common repositories include directory servers, databases, and flat files. Web Server 7 ships with a default file-based repository called keyfile that contains usernames and hashed passwords that can be used for flat file authentication.

The keyfile is empty by default, but entries can easily be added through the Administration Console. Before doing so, however, the server must be configured to use the keyfile as an authentication database.

Authentication databases are configured in server.xml at the instance level, for a particular virtual server, or both. Example 5.14 demonstrates the settings for defining a keyfile as an authentication database.

Example 5.14. server.xml Authentication Database Definition for keyfile

<auth-db>
  <name>keyFile</name>
  <url>file</url>
  <property>
    <name>keyfile</name>
    <value>/opt/webserver7/https-www.example.com/config/keyFile</value>
  </property>
  <property>
    <name>syntax</name>
    <value>keyfile</value>
  </property>
</auth-db>

Table 5.5 provides an overview of the elements found in the authentication database definition.

Table 5.5. Authentication Database Properties

| Element | Description |
|---|---|
| <auth-db> | Specifies the beginning and end of an authentication database definition. |
| <name> | The name of the authentication database. This is used to reference the database within the Web Server and must be unique. This value is arbitrary. |
| <url> | A value of file indicates that this is a file-based authentication database. Other values for this element might include an appropriate LDAP URL or pam. |
| <property> | Specifies a set of name/value property pairs for this authentication database. The first property listed is called keyfile. This indicates that the database is of type keyfile. The location of the keyfile database can be found at the following: /opt/webserver7/https-www.example.com/config/keyFile. The next property specifies the file's syntax. |

5.11.1 File Structure

The keyfile for an Administration Node is empty by default. Each new user creates an entry in the keyfile, as demonstrated in Example 5.15.

Example 5.15. Sample keyfile File

#
# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

# List of users for simple file realm. Empty by default.
rodale;{SSHA}0Fata3ioPWgQhd8wXOUWNMKkL7J2FydGVyAA==;hr
relise;{SSHA}5QkLGJmZJ7Z2YaEobLcw5LEk1qdmVkZGVyAA==;it
wclay;{SSHA}h3y4+I6f75k7+5XH2EClfv6ZIixhZG1pbgAAAA==;qa

The Administration Server instance uses a keyfile to store its own authentication credentials. Example 5.16 demonstrates the default keyfile for the Administration Node:

Example 5.16. Default keyfile File for the Administration Server Instance

#
# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

# List of users for simple file realm. Empty by default.
admin;{SSHA}h3y4+I6f75k7+5XH2EClfv6ZIixhZG1pbgAAAA==;wsadmin

5.11.2 Syntax

The basic format for the keyfile is

    username;hashedpassword;group

The maximum length of a line in a file-based authentication database file is 255 characters. If any line exceeds this limit, the server fails to start and an error is logged in the errors log file.
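The following Python check is an added example, not code from the book or the product: it lints keyfile content against the username;hashedpassword;group format and the 255-character line limit described above, and flags entries that share the same salt and digest. The {SSHA} layout (base64 of a 20-byte SHA-1 digest followed by the salt), the names lint_keyfile and ssha, and the sample entries are assumptions made for illustration.

```python
import base64
import hashlib

MAX_LINE = 255   # per-line limit stated in section 5.11.2

def ssha(password: bytes, salt: bytes) -> str:   # sample builder (assumed layout)
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def lint_keyfile(text: str) -> list:
    """Return (line_number, message) findings for keyfile content."""
    findings, seen = [], {}   # seen: hashed value -> first username using it
    for num, line in enumerate(text.splitlines(), start=1):
        if len(line) > MAX_LINE:
            findings.append((num, "line exceeds 255 characters"))
        if not line.strip() or line.lstrip().startswith("#"):
            continue   # blank line or comment
        fields = line.split(";")
        if len(fields) != 3 or not fields[0]:
            findings.append((num, "expected username;hashedpassword;group"))
            continue
        user, hashed, _group = fields
        if not hashed.startswith("{SSHA}"):
            findings.append((num, "password field is not an {SSHA} value"))
            continue
        try:
            raw = base64.b64decode(hashed[len("{SSHA}"):], validate=True)
        except ValueError:   # binascii.Error is a ValueError subclass
            findings.append((num, "{SSHA} payload is not valid base64"))
            continue
        if len(raw) <= 20:   # assumption: 20-byte SHA-1 digest, then salt
            findings.append((num, "no salt bytes after the digest"))
        if hashed in seen:
            findings.append((num, "same salt and digest as " + seen[hashed]))
        seen.setdefault(hashed, user)
    return findings

SAMPLE = "\n".join([   # constructed sample input, not from a real server
    "# constructed keyfile",
    "alice;" + ssha(b"pw-one", b"saltAAAA") + ";hr",
    "bob;" + ssha(b"pw-two", b"saltBBBB") + ";it",
    "carol;" + ssha(b"pw-one", b"saltAAAA") + ";qa",   # reuses alice's value
    "dave;plaintext;qa",
    "erin;{SSHA}%%%%;qa",
    "frank;" + ssha(b"pw-three", b"saltCCCC") + ";" + "g" * 300,
])

if __name__ == "__main__":
    print(*lint_keyfile(SAMPLE), sep="\n")
```

Running such a check before placing an edited file in the instance's config directory catches the over-length and malformed lines that would otherwise surface only as a failed server start.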

5.11.3 Context

Each server instance has its own keyfile file; therefore, there is a one-to-one correspondence between the server instance and this file.

5.11.4 Modifications

You can configure authentication databases with either the Administration Console or the command line interface. This causes changes to the server.xml file. If this file is updated as a result of changes made through either of these two interfaces, you must deploy the updated configuration before the changes are reflected on the appropriate Administration Node(s).

The addition of users to the keyfile does not require a redeployment of the configuration.

Errors found within the file may prevent the instance from starting.
