Creating a Keychain Entry
The Terracotta client should have a keychain file with an entry for every Terracotta server in the cluster. The format for the entry uses the "tc" scheme:
tc://<client-username>@<host>:<tsa-port>
An entry for the server in the example configuration should look like:
tc://client1@172.16.254.1:9510
Use the keychain script in the Terracotta kit to add the entry:
tools/security/bin/keychain.sh -O clientKeychainFile tc://client1@172.16.254.1:9510
By default, the keychain file stores passwords using an obfuscation scheme, requiring the use of -O (hyphen capital letter O) with the keychain script for any operation on the file. To switch to a more secure encryption-based scheme, see Using Encrypted Keychains.
If the keychain file does not already exist, use the -c flag to create it:
tools/security/bin/keychain.sh -O -c clientKeychainFile tc://client1@172.16.254.1:9510
You will be prompted to enter a client password to associate with the URI.
This entry in the client's keychain file serves as the key for the client's password and is provided to the server along with the client username ("client1" in the example).
These credentials must match those in the server's .ini file or LDAP or Active Directory credentials.
The Terracotta client searches for the keychain file in the following locations:
%(user.home)/.tc/mgmt/keychain
%(user.dir)/keychain.tkc
The path specified by the system property com.tc.security.keychain.url
Example Using the Keychain Script
When you run the keychain script, the following prompt should appear:
Terracotta Management Console - Keychain Client
KeyChain file successfully created in clientKeychainFile
Enter the password you wish to associate with this URL:
Password for tc://client1@172.16.254.1:9510 successfully stored
Note that the script does not verify the credentials or the server address.
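Because the script accepts any URI and the default file is obfuscated rather than encrypted, it is worth checking the entry format and the file permissions yourself. The following is an added example, not part of the Terracotta kit: the function names are hypothetical, the host is assumed to be a DNS name or IPv4 address, and a path set through com.tc.security.keychain.url is assumed to be passed as a plain file path.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the Terracotta kit.

# Succeeds if $1 has the form tc://<client-username>@<host>:<tsa-port>.
# Assumption: <host> is a DNS name or IPv4 address (no IPv6 literal).
valid_tc_uri() {
    case $1 in *[[:space:]]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^tc://[^@/:]+@[A-Za-z0-9.-]+:[1-9][0-9]{0,4}$' || return 1
    [ "${1##*:}" -le 65535 ]   # TSA port must be a valid TCP port
}

# Returns 0 if file $1 grants nothing to group/other, 1 if it does, 2 if absent.
owner_only() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints one status line per keychain location the client searches.
# Extra arguments: path(s) supplied via com.tc.security.keychain.url
# (assumed here to be plain file paths).
audit_keychain_locations() {
    for f in "$HOME/.tc/mgmt/keychain" "$PWD/keychain.tkc" "$@"; do
        rc=0
        owner_only "$f" || rc=$?
        case $rc in
            0) echo "ok      $f" ;;
            1) echo "LOOSE   $f" ;;   # readable or writable beyond the owner
            *) echo "absent  $f" ;;
        esac
    done
}

# Check the URI from the example configuration before storing it.
valid_tc_uri "tc://client1@172.16.254.1:9510" && echo "URI format ok"
audit_keychain_locations
```

A file reported as LOOSE can be restricted with chmod 600.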