JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 12

changes.mady.by.user Alan Amos

Saved on

compared with

New Version 13

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • By default mutual authentication is in place.
    • The Controller is challenged by the Agent to present its Client Authentication certificate which is then verified by the Agent.
    • If a Controller cluster is used then connections from both Controller instances are authenticated by the distinguished name of the instance's Client Authentication certificate.

  • The JS7_CONTROLLERAGENT_CONFIG_DIR/private/private.conf configuration file should include authentication details like this:

    Code Block
    titleExample for private.conf file specifying Controller authentication
    js7 {
    auth {
        users {
            # Controller ID for connections by primary/standby Controller instance
            jobscheduler {
                distinguished-names=[
                    "DNQ=SOS CA, CN=apmacwin_primary_client, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE",
                    "DNQ=SOS CA, CN=apmacwin_secondary_client, OU=IT, O=SOS, L=Berlin, ST=Berlin, C=DE"
                ]
            }
        }
    }
}


    Explanation:
    • The jobscheduler user account is an example of a Controller ID that is specified during Controller installation.
    • The distinguished-names property allows the addition of a number of distinguished names as available from the subject of Client Authentication certificates that are used by Controller instances when connecting to the Agent.
      • Except for whitespace between attributes the precise sequence and values as available from the certificate's subject has to match this property value.

...