JMX Authentication Using the Keychain

The following is required for server-to-client REST-agent authorization. Every node in the cluster must have the following entry in its keychain, all locked with the identical secret:

jmx:net.sf.ehcache:type=RemoteAgentEndpoint

In addition, server-server REST-agent communication must also be authorized using a keychain entry with the following format:

jmx://<user>@<host>:<group-port>

Note that the value of <user> is specified in each server configuration's <security>/<auth>/<user> and is not related to the user running as process owner.

For example, to create an entry for server2 in server1's keychain, use:

tools/security/bin/keychain.sh -O server1keychain.tkc 
jmx://server2username@172.16.254.2:9530

Each server must have an entry for itself and an entry for each other server in the TSA.