Securing with the TMS

If you are using the Terracotta Management Server (TMS), you must set up JMX authentication. Every node in the cluster must have the following entry in its keychain, all locked with the identical secret:

jmx:net.sf.ehcache:type=RepositoryService

In addition, server-server REST-agent communication must also be authorized using a keychain entry using the format jmx://<user>@<host>:<group-port> .

Add entries to the keychain file as described in Setting up the Server Keychain, but avoid using the -O flag when using the keychain script.

For example, to create an entry for server2 in server1's keychain, use:

tools/security/bin/keychain.sh server1keychain.tkc 
jmx://server2username@172.16.254.2:9530

Each server must have an entry for itself and one for each other server in the TSA.