In this article:
To improve security during the use of state server based on Redis or Memcached, set up user authentication:
NOTE. Setting up authentication on state server is available for Redis 6.0.0 or later and for Memcached 1.5.15 or later.
To authenticate users on state server, edit the configuration file:
redis.conf. When a state server based on Redis is used.
memcached.conf. When a state server based on Memcached is used.
In the redis.conf file add credentials for the administrator and the user who logs in to the system:
user default on <encrypted administrator password> ~* &* +@all
user <user name> on <encrypted user password> ~FP_* resetchannels -@all +setex +info +del +incr +get +set +expire
TIP. It is recommended to use the "default" administrator name.
For details see the Redis documentation:
In the memcached.conf file set the -Y parameter that is the path to the memcached.pwd file, which contains user credentials in the format: <user name>:<password>.
NOTE. After credentials are entered, in the memcached.pwd file press the ENTER key to go to the next line.
The example of the memcached.pwd file:
user_name:password
The example of the memcached.conf file in Linux OS:
-Y /etc/memcached.pwd
NOTE. To specify user credentials, one can use only the -Y parameter; authentication via SASL is not supported.
To provide interaction between BI servers cluster and state server, encrypt user credentials in Foresight Analytics Platform:
Start the PP.Util utility located in the folder with installed Foresight Analytics Platform with the following parameter:
PP.Util /encrypt_creds <user name> <password>
Use PP.Util_start.sh to execute the command in Linux OS, and PP.Util.exe to execute the command in Windows OS instead of PP.Util.
Copy the obtained encrypted user credentials and insert them as values of the Crs and Crsa parameters of the Credentials subsection in the settings.xml file or in the registry.
The example of the settings.xml file:
<Configuration>
<Root>
<Key Name="PP">
<BIS>
<Key Name="System">
<Session KeyIncr="0" Statable="Yes" />
<StateServer Host="state-server.sample.com" Port="6379" Type="Redis">
<Credentials Crsa="ALIHJDOCHDGAGOAEJJBPAPDGBHBLDEHKDIFLAGEMDHOEMMKC://gos" Crs="U2FsdGVkX1+JUMi2hGBLY1oDJkJ9tJza8v0ZXXVOyQRxG+CezITE/4tNHMHB9qBPfNSk+5Ke0aHlOdnW5X0lGLzzG/ISf06FpkqRjYInxCvzBS6r9UpamDQYMZz0p+RuQnhf/76QwX7w1bAapLkbEhhzlhipksXtOjjaFZNP4ZoVlPd+iZLmivtjqzEHSgM/pf3K3aec+LF8Xk1KB9R9dX4OynBf7i0eLTBN4rg76m7JuVZn9UYW5ReBWjcfngPU3kdQH/+UjnQpAhEYOj6WGRSiRl13K28uQ/9Vhjy+zFQRylErDr1rPGsttST4rQsBsyQlZTV/elN61IqAMLRslh0qOB38J04YvgfkJKUuc3rveIOpIWVTc5fwendODnTyQ+v9wKBwW7GHwjxqkrsX4CGsDLeGRYbggrg0u9hkayky9T8cGE0sorXKNU7pMo45qhKyvQM1ymfYI4aSH3qdCarauI+i5+aw1UifsgON9wQyhpp4BCBCK"/>
</StateServer>
</Key>
</BIS>
</Key>
</Root>
</Configuration>
Restart state server and BI servers cluster.
After executing the operations, user credentials for connection to state server are encrypted.
See also: