JMX Authentication Using the Keychain
The following is required for server-to-client REST-agent authorization. Every node in the cluster must have the following entry in its keychain, all locked with the identical secret:
jmx:net.sf.ehcache:type=RemoteAgentEndpoint
In addition, server-server REST-agent communication must also be authorized using a keychain entry with the following format:
jmx://<user>@<host>:<group-port>
Note that the value of <user> is specified in each server configuration's <security>/<auth>/<user> and is not related to the user running as process owner.
For example, to create an entry for server2 in server1's keychain, use:
tools/security/bin/keychain.sh -O server1keychain.tkc
jmx://server2username@172.16.254.2:9530
Each server must have an entry for itself and an entry for each other server in the TSA.