Enabling the Preconfigured User-Name-Password Option

Enable the preconfigured user-name-password authentication option by modifying the node1.xml and csi_local.xml files.
Note: SAP does not recommend using the preconfigured user-name-password option in a production environment; it is provided for use in development and testing. Preconfigured logins are file-based. Although you can encode the passwords in csi_local.xml, preconfigured logins can be compromised (intentionally or otherwise) by any user with access to that file.

By default, the installation process creates a cluster configuration file called node1.xml. This file contains security information for the cluster, including a reference to the file that determines the authentication type. If you created a different cluster name during installation, the name of your cluster configuration file takes the form <node-name>.xml.

When preconfigured user-name-password is the active authentication method, the <node-name>.xml file refers to the csi_local.xml file, which contains the user names and passwords you configure. Event Stream Processor provides a default csi_local.xml file you can use as a basis for creating your own preconfigured user-name-password combination. This file may initially reside in the ESP_HOME/cluster/examples folder. In such cases, copy the file to the ESP_HOME/security folder.

Enabling the preconfigured username-password option requires that you create and encode the passwords, configure csi_local.xml to specify the user names and enter the encoded passwords, then modify the <node_name>.xml file to specify the preconfigured username-password option as the active authentication method.

  1. Shut down the cluster.
    If you make changes while the cluster is running, ESP will not apply them until you restart the cluster.
  2. Create and encode a password:
    1. From a command line, run the encode_text command in the esp_cluster_admin tool:

      On Windows: esp_cluster_admin.exe --encode_text

      On Linux or Solaris: esp_cluster_admin.bin --encode_text

    2. At the prompts, enter and then confirm the password you want to encode.
    3. The encoded password displays on screen. Copy the password to paste it into the csi_local.xml file.
  3. Modify the csi_local.xml file to specify the username and password:
    1. Copy the csi_local.xml file from ESP_HOME/cluster/examples to ESP_HOME/security.
    2. Use a text editor to open ESP_HOME/security/csi_local.xml.
    3. In the <Configuration> section, locate <options name="username" and change the value attribute to the desired user name.
    4. In the <Configuration> section, locate <options name="password" and change the value attribute by pasting the encoded password you copied from the CSI utility. Enclose the password in quotation marks.
    5. To add a second login, use a separate <authenticationProvider> element. Encode another password (see step 2) and include controlFlag and name attributes with the values shown here: 
      <authenticationProvider controlFlag="sufficient" name="com.sybase.security.core.PreConfiguredUserLoginModule">
  <options name="username" value="sybase2"/>
  <options name="password" value="{SHA-256:gIQWZYOPQVM=}jqHtsTPcw8kGkZt1PQeveUAhQncAQhHXJBrjZAqTfk4="/>
</authenticationProvider>
    6. Save and close the csi_local.xml file.
  4. Set the preconfigured username-password option as the active authentication method:
    1. Use a text editor to open the cluster configuration file, ESP_HOME/cluster/nodes/<node-name>/<node-name>.xml.
    2. Within the <Security> section of the cluster configuration file, in the <Csi> section, change the <File> value to csi_local.xml, as follows:
      <Csi>
  <File>csi_local.xml</File>
<Csi>
    3. Save and close the file.
  5. Restart the cluster.
Parent topic: User-Name-Password Authentication
Related tasks
Starting a Node or Cluster
Stopping a Node or Cluster