Configure Securing Using JMX Authentication
Terracotta can use the standard Java security mechanisms for JMX authentication, which relies on the creation of .access and .password files with correct permissions. The default location for these files for JDK 1.5 or higher is $JAVA_HOME/jre/lib/management.
To configure security using JMX authentication, follow these steps:
1. Ensure that the desired usernames and passwords for securing the target servers are in the JMX password file jmxremote.password and that the desired roles are in the JMX access file jmxremote.access.
2. If both jmxremote.access and jmxremote.password are in the default location ($JAVA_HOME/jre/lib/management), add the following configuration to each <server> block in the Terracotta configuration file:
<server host="myHost" name="myServer" jmx-enabled="true">
...
<authentication />
...
</server>
3. If jmxremote.password is not in the default location, add the following configuration to each <server> block in the Terracotta configuration file:
<server host="myHost" name="myServer" jmx-enabled="true">
...
<authentication>
<mode>
<password-file>/path/to/jmx.password</password-file>
</mode>
</authentication>
...
</server>
4. If jmxremote.access is not in the default location, add the following configuration to each <server> block in the Terracotta configuration file:
<server host="myHost" name="myServer" jmx-enabled="true">
...
<authentication>
<mode>
<password-file>/path/to/jmxremote.password</password-file>
</mode>
<access-file>/path/to/jmxremote.access</access-file>
</authentication>
...
</server>
If the JMX password file is not found when the server starts up, an error is logged stating that the password file does not exist.