Initial Setup
The Terracotta Management Console (TMC) is a web-based administration and monitoring application for Terracotta products. TMC connections are managed through the Terracotta Management Server (TMS), which must be running for the TMC to function.
Note:
You can confirm the version of the TMC you are running and get other information about the TMC by clicking About on the toolbar.
When you first connect to the TMC, the authentication setup page appears, where you can choose to run the TMC with authentication or without. Authentication can also be enabled/disabled in the TMC Settings panel.
If you do not enable authentication, you can connect to the TMC without being prompted for a login or password.
If you enable authentication, the following choices appear:
Microsoft Active Directory - Use with an Active Directory server. Instructions for setting up connections to LDAP and Active Directory are available with the form that appears when you select LDAP or Active Directory. See also Setting up LDAP or Active Directory Authorization.
Setting up authorization and authentication controls access to the TMC but does not affect connections, which must be secured separately. For more information, see the BigMemory Max Security Guide. In addition, an appropriate Terracotta license file is needed to run the TMC with security.
Simple Account-Based Authentication
Authentication using built-in role-based accounts backed by a .ini file is the simplest scheme. When you choose .ini-file authentication, you must restart the TMC using the stop-tmc and start-tmc scripts. A setup page appears for initializing the two accounts that control access to the TMC:
Administrator - This account (username "admin") has read and write control over the TMC.
Operator - This read-only account (username "operator") can view statistics and other information about configured connections. This account cannot add or edit connections.
Create a password for each account, then click Done to go to the login screen. The login screen appears each time a connection is made to the TMC.
Inactivity Timeout
The Terracotta Management Console allows a connected user to remain connected indefinitely, whether or not that user is active. To set a default timeout for inactivity, navigate to the WEB_INF directory, open the web.xml file, and uncomment the following block. You can then accept its default value of 30 for idleTimeoutMinutes or specify a different value:
<context-param>
  <description>
    After this amount of time has passed without user activity, the user will
    be automatically logged out.
  </description>
  <param-name>idleTimeoutMinutes</param-name>
  <param-value>30</param-value>
</context-param>
Note that, internal to the TSA and TMC, Apache Shiro session management is configured with an inactivity timeout of 10 minutes, expressed in milliseconds: securityManager.sessionManager.globalSessionTimeout = 600000. However, this timeout setting is unrelated to human end-user activity. For more information about Apache Shiro, see Shiro session management.
Authentication Lockout Mechanism
The Terracotta Management Console supports a lockout mechanism that blocks further login attempts for a specific duration after a certain threshold of failed login attempts is reached.
The lockout mechanism is enabled for Simple Account-Based Authentication. If you want to set up a lockout mechanism for LDAP or Active Directory setups, you need to use the password and authentication policy mechanisms of those systems.
You can control the lockout behavior by adding the following properties in the <user.home>/.tc/mgmt/settings.ini file:
lockoutThreshold=x - where x is the number of failed attempts before the account is locked out. The default is 5.
lockoutTimeMillis=x - where x is how long the account is locked out for in milliseconds. The default is 900000 ms or 15 minutes.
Any invalid values for the above properties will be replaced with the default values. Refer to the TMC logs to verify the currently used values.
A user whose number of invalid login attempts equals lockoutThreshold gets an "Account is Locked" message on the TMC web UI.
The lockout can be removed either by restarting the TMC or by waiting until the lockoutTimeMillis period has expired.
Note:
You can disable the lockout feature by providing a negative value to the lockoutTimeMillis property (e.g. -1).
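The following audit sketch is an added example, not Terracotta code. It checks the two settings described under Inactivity Timeout and Authentication Lockout Mechanism: whether the idleTimeoutMinutes block in web.xml is still commented out, and whether lockoutTimeMillis in settings.ini disables lockout. It assumes settings.ini holds plain key=value lines and that an "invalid" value is one that is not an integer; the function names and sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Defaults as stated on this page
DEFAULTS = {"lockoutThreshold": 5, "lockoutTimeMillis": 900000}

def idle_timeout_minutes(web_xml):
    """Return idleTimeoutMinutes, or None if the block is absent or commented out."""
    root = ET.fromstring(web_xml)  # the default parser discards XML comments
    for param in root.iter():
        if param.tag.split("}")[-1] != "context-param":  # ignore any XML namespace
            continue
        fields = {c.tag.split("}")[-1]: (c.text or "").strip() for c in param}
        if fields.get("param-name") == "idleTimeoutMinutes":
            return int(fields["param-value"])
    return None

def lockout_settings(settings_ini):
    """Return the effective lockout values; non-integers fall back to defaults."""
    effective = dict(DEFAULTS)
    for line in settings_ini.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() in DEFAULTS:
            try:
                effective[key.strip()] = int(value.strip())
            except ValueError:
                pass  # assumption: "invalid" means not parseable as an integer
    return effective

def audit(web_xml, settings_ini):
    """Return a list of findings for the two hardening settings."""
    findings = []
    if idle_timeout_minutes(web_xml) is None:
        findings.append("idleTimeoutMinutes not set: idle users stay connected indefinitely")
    if lockout_settings(settings_ini)["lockoutTimeMillis"] < 0:
        findings.append("lockoutTimeMillis is negative: login lockout is disabled")
    return findings

# Constructed sample inputs: timeout block still commented out, lockout disabled
SAMPLE_WEB_XML = """<web-app>
  <!--
  <context-param>
    <param-name>idleTimeoutMinutes</param-name>
    <param-value>30</param-value>
  </context-param>
  -->
</web-app>"""
SAMPLE_SETTINGS = "lockoutThreshold=abc\nlockoutTimeMillis=-1\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_WEB_XML, SAMPLE_SETTINGS):
        print("FINDING:", finding)
```

The values the TMC actually applies are reported in the TMC logs, so treat this check as a pre-deployment review of the files rather than a substitute for reading the logs.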