BigMemory 4.4.0 | Product Documentation | BigMemory Max Security Guide | Enabling SSL on Terracotta Clients | Creating a Keychain Entry
 
Creating a Keychain Entry
The Terracotta client should have a keychain file with an entry for every Terracotta server in the cluster. The format for the entry uses the "tc" scheme:
tc://<client-username>@<host>:<tsa-port>
An entry for the server in the example configuration should look like:
tc://client1@172.16.254.1:9510
Use the keychain script in the Terracotta kit to add the entry:
tools/security/bin/keychain.sh -O clientKeychainFile
tc://client1@172.16.254.1:9510
By default, the keychain file stores passwords using an obfuscation scheme, requiring the use of -O (hyphen capital letter O) with the keychain script for any operation on the file. To switch a more secure encryption-based scheme, see Using Encrypted Keychains.
If the keychain file does not already exist, use the -c flag to create it:
tools/security/bin/keychain.sh -O -c clientKeychainFile
tc://client1@172.16.254.1:9510
You will be prompted to enter a client password to associate with the URI.
This entry in the client's keychain file serves as the key for the client's password and is provided to the server along with the client username ("client1" in the example). These credentials must match those in the server's .ini file or LDAP or Active Directory credentials.
The Terracotta client searches for the keychain file in the following locations:
*%(user.home)/.tc/mgmt/keychain
*%(user.dir)/keychain.tkc
*The path specified by the system property com.tc.security.keychain.url
Example Using the Keychain Script
When you run the keychain script, the following prompt should appear:
Terracotta Management Console - Keychain Client
KeyChain file successfully created in clientKeychainFile
Enter the password you wish to associate with this URL:
Password for tc://client1@172.16.254.1:9510 successfully stored
Note that the script does not verify the credentials or the server address.