Local Security Provider

You can use the local security provider to control authentication and authorization in Management Center. With this security provider, user accounts are stored in Management Center’s database.

Setting Up the Local Security Provider

To set up the local security provider, you need to create an admin user, using either the UI or the hz-mc conf tool.

To set up the local security provider in the UI, go to Settings > Security Providers > Local.

To create a new user with hz-mc conf, use the following command. Replace the <username> placeholder with your username. For details about the mc-conf tool, see Management Center Configuration Tool.

Linux and Mac
hz-mc conf user create -n <username> -r admin -p
Windows
mc-conf.bat user create -n <username> -r admin -p
  • Username: Username for the initial administrator user account.

  • Password: Password for the initial administrator user account.

Passwords must include the following:

  • Minimum of 8 characters

  • At least one letter

  • At least one digit

  • At least one special character, which is not a letter, digit or space

Passwords must not include the following:

  • The username

  • Two or more of the same letter following each other.

  • A 3-character or longer sequence of letters following or preceding each other such as "abc" or "fed".

  • A 3-character or longer sequence of digits following or preceding each other such as "123" or "987".

Creating Users

To create additional users, admin users can use the UI, or you can use the hz-mc conf tool.

When creating users, be sure to give them a valid role. See User Management.

To set up the local security provider in the UI, go to Settings > Security Providers > Local.

To create a new user with hz-mc conf, use the following command. Replace the <username> placeholder with your username.

Linux and Mac
hz-mc conf user create -n <username> -r admin -p
Windows
mc-conf.bat user create -n <username> -r admin -p

Using a Dictionary to Prevent Weak User Passwords

To prevent certain words from being included in user passwords, you can use a dictionary.

  1. Create a text file that contains the words that you want to prevent.

    Each word must be on a new line and must contain at least three characters.

  2. Start Management Center with the hazelcast.mc.security.dictionary.path property where the path points to your text file.

Words that are shorter than four characters are ignored to avoid blocking too many password combinations. You can configure the minimum length of words by starting Management Center with the hazelcast.mc.security.dictionary.minWordLength property.

Linux and Mac
hz-mc start -Dhazelcast.mc.security.dictionary.path=/usr/MCtext/pwd.txt \
     -Dhazelcast.mc.security.dictionary.minWordLength=3
Windows
mc-start.cmd -Dhazelcast.mc.security.dictionary.path=/usr/MCtext/pwd.txt ^
     -Dhazelcast.mc.security.dictionary.minWordLength=3
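
The password rules listed under Setting Up the Local Security Provider and the dictionary behaviour described in this section can be pre-checked before a password is submitted. The following Python code is an added example, not Management Center's own implementation. Case-insensitive comparison, substring matching of dictionary words, ASCII-only sequence detection and all function names are assumptions.

```python
import string

def has_run(text, alphabet, length=3):
    """True if text holds `length` characters that follow or precede each
    other in `alphabet`, such as "abc", "fed", "123" or "987"."""
    for i in range(len(text) - length + 1):
        chunk = text[i:i + length]
        if chunk in alphabet or chunk[::-1] in alphabet:
            return True
    return False

def load_dictionary(lines, min_word_length=4):
    """One word per line; words shorter than min_word_length are ignored."""
    words = (line.strip().lower() for line in lines)
    return [w for w in words if len(w) >= min_word_length]

def policy_violations(password, username, dictionary=()):
    """Return the documented rules that `password` breaks (empty list = OK)."""
    lower = password.lower()  # assumption: checks are case-insensitive
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(not c.isalnum() and c != " " for c in password):
        problems.append("no special character")
    if username and username.lower() in lower:
        problems.append("contains the username")
    if any(a.isalpha() and a == b for a, b in zip(lower, lower[1:])):
        problems.append("repeated letter")
    if has_run(lower, string.ascii_lowercase):
        problems.append("letter sequence")
    if has_run(password, string.digits):
        problems.append("digit sequence")
    # Assumption: a dictionary word is blocked wherever it appears as a substring.
    problems += [f"dictionary word: {w}" for w in dictionary if w in lower]
    return problems

# Constructed sample dictionary file contents (one word per line).
SAMPLE_WORDS = ["hazelcast\n", "pwd\n", "mc\n"]

if __name__ == "__main__":
    words = load_dictionary(SAMPLE_WORDS, min_word_length=3)
    print(policy_violations("My-Pwd-7391!", "carol", words))
```

With the default minimum word length, "pwd" is dropped from the dictionary and the same password passes; lowering the minimum to 3 blocks it.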

Changing User Passwords

To change user passwords in the local security provider, admin users can use the UI, or you can use the hz-mc conf tool.

In the UI:

  1. Go to Settings > Users.

  2. Click Edit in the row of the user whose password you want to change.

  3. Click Change Password.

Use the following hz-mc conf command. Replace the <username> placeholder with your username.

Linux and Mac
hz-mc conf user update-password -n <username> -p
Windows
mc-conf.bat user update-password -n <username> -p
If you’re on Linux or Mac devices, enclose passwords in single quotes only if you use the --password option. If you use the -p flag, do not use single quotes in the interactive prompt.

Next Steps

For details about the hz-mc conf tool, see Management Center Configuration Tool.