Page History
...
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
# Security configuration js7 { auth { # User accounts for https connections users { # Controller account for connections by primary/secondary Controller instance js7_dev { password="plain:secret" } } } configuration { # Locations of certificates and public keys used for signature verification trusted-signature-keys { PGP=${js7.config-directory}"/private/trusted-pgp-keys" X509=${js7.config-directory}"/private/trusted-x509-keys" } } job { # Enable script execution from signed workflows execution { signed-script-injection-allowed = yes } } web { # Locations of keystore and truststore files for HTTPS connections https { keystore { # Default: ${js7.config-directory}"/private/https-keystore.p12" file=${js7.config-directory}"/private/https-keystore.p12" key-password=jobscheduler store-password=jobscheduler } truststores=[ { # Default: ${js7.config-directory}"/private/https-truststore.p12" file=${js7.config-directory}"/private/https-truststore.p12" store-password=jobscheduler } ] } # disableDisable use of client authentication certificates server { auth { https-client-authentication=off } } } } |
Explanation:
- Consider that the above configuration has to be deployed to any Agent instances.
- Find below explanations about configuration items relevant to an Agent.
Specify Controller ID and Password
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
js7 { auth { # User accounts for https connections users { # Controller account for connections by primary/secondary Controller instance js7_dev { password="plain:secret" } } } |
Explanation:
- In this example
js7_dev
is the Controller ID used by solo Controller or by a Controller Cluster. A Controller is assigned a unique Controller ID during initial operation. The Controller ID cannot be changed. - The
password
for the Controller ID in the Agent configuration is the same as stated with the Controller configuration.- The password has to be preceded with "plain:" if a plain text password is used.
- The password has to be preceded with "sha512" if a hashed password is used
- There are a number of ways how to create an sha512 hash value from a password.
- A possible solution includes:
openssl passwd -6
Disable Client Authentication
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
js7 { web { # disable use of client authentication certificates server { auth { https-client-authentication=off } } } |
...
Explanation:
- By default Client Authentication is required if Server Authentication is in place.
- The above setting disables Client Authentication.
Overview
Content Tools