You are here

SkyVault 2.0 » Configuring

Setting up authentication and security

Use this information to manage authentication in SkyVault, and to configure keystores for repository encryption.
The first time you access a vanilla SkyVault installation, you can identify yourself by entering a new user name and password in the Login screen. If you log in with the credentials of a user with administrator privileges, you can create additional users and assign them passwords. In this out-of-the-box set up, you can manage the user base and their passwords manually in SkyVault.
Note: Choose a strong, unique password for your admin account, and consider changing it regularly.

From here, there are a number of common customizations you might want to make to scale up to the needs of a larger enterprise. For example, you might want to:

  • Enable automatic sign-on using operating system credentials or a Single Sign-On (SSO) server to remove the need for a Login page
  • Delegate authentication responsibility to a central directory server to remove the need to set up users manually
  • Protect your repository and Solr communications using encryption
  • SkyVault security SkyVault security comprises a combination of authentication and authorization.
  • Managing SkyVault keystores The out-of-the-box SkyVault installation has a pre-configured main keystore, which contains a secret key generated by SkyVault. If you want to use encrypted properties, you should create your own keystore with your own password, and update the metadata file appropriately.
  • Cryptographic password hashing SkyVault uses cryptographic password hashing technique to securely store passwords.
  • Encrypting properties The SkyVault-global.properties file holds configuration properties that contain sensitive information or passwords, such as db.password. This section provides information on the properties that are encryptable and the process to encrypt them using the SkyVault Encrypted Properties Management Tool.
  • Authentication subsystems Authentication is one of the categories of the SkyVault subsystem. An authentication subsystem is a coordinated stack of compatible components responsible for providing authentication and identity-related functionality to SkyVault.
  • SkyVault authentication chain The authentication subsystem types allow you to integrate SkyVault with the authentication servers in your environment. However, if integrating SkyVault with only one of these systems is not sufficient, you might want to combine multiple authentication protocols against a collection of servers.
  • Managing authentication directories Use Directory Management in the Admin Console to set up authentication chains, and configure external SSO, CIFS and FTP authentication. The Directory Management feature gives you the ability to configure and test connections to various directory services. 
  • Authorities Authorities are people (or persons) or groups.
  • Defining permissions Permissions and their groupings are defined in an XML configuration file.
  • Access Control Lists An Access Control List (ACL) is an ordered list of one or more Access Control Entries (ACE). An ACE associates a single authority to a single permission group or permission, and states whether the permission is to be allowed or denied. All nodes have an associated ACL.
  • Modifying access control Modifying access control can involve changing definitions, adding services, defining types and aspects, or adding definitions to new or existing security interceptors.
  • Public services Security is enforced around public services. Web services, web scripts, SkyVault Share, CIFS, WebDAV, FTP, CMIS, and more, all use public services, and therefore include security enforcement.
  • Implementation and services SkyVault enforces security services for managing authentication information.
  • Admin password in default authentication The Admin user password is used by the default authentication system.
  • Security policies and filters You can configure a number of policies and filters in SkyVault Share to mitigate security attacks.
Parent topic: Configuring

© 2017 TBS-LLC. All Rights Reserved.