Bill Shannon wrote:
>
> There's still the bootstrap/startup problem.
>
> What authentication do you use for the first sync request? And where
> do you get it? Before the sync, there is no keystore on the client.
>
> Some choices are:
>
> 1. creating the instance ensures that the instance starts with a
> keystore instead of starting with nothing.
This seems to work well for create-instance where it can push the
keystore to the instance and pass it to _creat-instance-filesystem.
But maybe less well for create-local-instance. Where does it get
the keystore?
> 2. we save the admin username and password in the das.properties file
> and use that for authentication during synchronization.
And this works well for create-local-instance which has the admin
username and password, but less so for create-instance which does not.
> 3. we have a separate "node agent" keystore that contains the
> authentication
> information we use during synchronization.
Looks like a variation of 1.
> And don't forget that with whatever approach we choose there needs to be
> a way to change the authentication information used for synchronization,
> preferably without a manual step on each node.
Which seems to argue for 1 or 3 since the DAS can push out a keystore
but can't push out an admin password (because it doesn't have it).
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: admin-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: admin-help_at_glassfish.dev.java.net
>