| // Licensed to the Apache Software Foundation (ASF) under one or more |
| // contributor license agreements. See the NOTICE file distributed with |
| // this work for additional information regarding copyright ownership. |
| // The ASF licenses this file to You under the Apache License, Version 2.0 |
| // (the "License"); you may not use this file except in compliance with |
| // the License. You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| = Authentication |
| :javaFile: {javaCodeDir}/Security.java |
| |
| |
| == Ignite Authentication |
| |
| |
| You can enable Ignite Authentication by setting the `authenticationEnabled` property to `true` in the node's configuration. |
| This type of authentication requires link:persistence/native-persistence[persistent storage] be enabled for at least one data region. |
| |
| [tabs] |
| -- |
| tab:XML[] |
| [source, xml] |
| ---- |
| include::code-snippets/xml/ignite-authentication.xml[tags=ignite-config;!discovery, indent=0] |
| ---- |
| |
| tab:Java[] |
| [source, java] |
| ---- |
| include::{javaFile}[tags=ignite-authentication,indent=0] |
| ---- |
| |
| tab:.NET/C#[] |
| |
| tab:C++[unsupported] |
| -- |
| |
| The first node that you start must have authentication enabled. |
| Upon start-up, Ignite creates a user account with the name "ignite" and password "ignite". |
| This account is meant to be used to create other user accounts for your needs. |
| Then simply delete the "ignite" account. |
| |
| You can manage users using the following SQL commands: |
| |
| * link:sql-reference/ddl#create-user[CREATE USER] |
| * link:sql-reference/ddl#alter-user[ALTER USER] |
| * link:sql-reference/ddl#drop-user[DROP USER] |
| |
| |
| == Supplying Credentials in Clients |
| |
| When authentication is configured in the cluster, all client applications must provide user credentials. Refer to the following pages for the information about specific clients: |
| |
| * link:thin-clients/getting-started-with-thin-clients#authentication[Thin clients] |
| * link:SQL/JDBC/jdbc-driver#parameters[JDBC driver] |
| * link:SQL/ODBC/connection-string-dsn#supported-arguments[ODBC driver] |
| * link:restapi#security[REST API] |
| |
| |