The Dgraph process and Endeca Server both rely on structures in the Cluster Coordinator for proper operation.
In order to prevent a malicious or malfunctioning element in the environment from affecting these structures, the programs using Cluster Coordinator are authenticated by the Coordinator before reading or writing these structures.
The Cluster Coordinator uses ACLs to control access to the data nodes of the Cluster Coordinator data tree. The ACL implementation is similar to Linux file access permissions: it employs permission bits to allow/disallow various operations against a node and the scope to which the bits apply. However, unlike standard Linux permissions, a Cluster Coordinator node is not limited by the three standard scopes for user, group, and world. Instead, an ACL specifies sets of IDs and permissions that are associated with those IDs.
The IDs and permissions are specified via the Cluster Coordinator's built-in digest authentication scheme. The digest authentication requires the client to provide a name and password, and likewise allows access to users authenticated with particular names and passwords.
The Dgraph process and Endeca Server both use a single cluster-wide name and password. The name is always "endeca", but the password is randomly generated for each cluster deployment. Immediately upon establishing a session with the Cluster Coordinator, the client authenticates with these credentials. Then, whenever creating a Cluster Coordinator node, it attaches an ACL requiring these credentials for any access.
The password for Cluster Coordinator access is stored in the WebLogic Credential Store Framework (CSF), the standard secret store for Oracle Fusion Middleware products. The basic interface for CSF is in the Java libraries provided as part of a WebLogic deployment. Therefore, the Endeca Server can retrieve the Cluster Coordinator credentials from the CSF. For the Dgraph process usage, the Endeca Server gets the Cluster Coordinator credentials from the CSF and passes them to the Dgraph process.