{"_id":"560d5df697a0a32f006e9de9","category":{"_id":"55e94ebee5d0c623003ed86c","pages":["55e94ebfe5d0c623003ed86e","55ed7fdadf21af2b009e217d","55ed86db2e66b621009941a6","55ed879428d7c33700de00e1","55ed88392e66b621009941a9","55ed885cec4c3e3900b75611","55ed88ba2e66b621009941ab","55ed8caba872a80d00acff5d","55ed8ce82e66b621009941c3","560d5df697a0a32f006e9de9","566ff8f33a32d20d00c45b37","5670195e81801f0d00802e1c"],"version":"55e94ebee5d0c623003ed86b","__v":12,"project":"55e94ebde5d0c623003ed868","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-09-04T07:56:46.830Z","from_sync":false,"order":9999,"slug":"documentation","title":"Documentation"},"githubsync":"","project":"55e94ebde5d0c623003ed868","__v":16,"user":"55e94db887e942230032e40d","version":{"_id":"55e94ebee5d0c623003ed86b","project":"55e94ebde5d0c623003ed868","__v":1,"createdAt":"2015-09-04T07:56:46.272Z","releaseDate":"2015-09-04T07:56:46.272Z","categories":["55e94ebee5d0c623003ed86c"],"is_deprecated":false,"is_hidden":false,"is_beta":true,"is_stable":true,"codename":"","version_clean":"0.3.0","version":"0.3.0"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2015-10-01T16:23:18.026Z","link_external":false,"link_url":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":9,"body":"Majordodo broker-to-broker and worker-to-broker communication can be secured by TLS.\nWith *broker.ssl* set to true a self signed certificate will be generated at every boot. You may change this behaviour using the properties in the broker.properties config file:\n*     **broker.ssl**: use TLS\n*     **broker.ssl.certificatefile**: PKCS8 private key file (PEM)\n*     **broker.ssl.certificatechainfile**: X.509 certificate chain file (PEM)\n*     **broker.ssl.certificatefilepassword**: the password for PKCS8 file\n\nAs default the system will ignore that a certificate is self signed and/or wrong.\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Brokers/Workers authentication\"\n}\n[/block]\nMajordodo implement basic authentication between brokers and workers based on a shared secret. The shared secret is also used as password for bookeeper.\n\nYou may want to change it in production systems.\n\n*     **sharedSecred**: unique value (default to \"dodo\")\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Clients authentication\"\n}\n[/block]\nClient authentication is applied only for the submission of new tasks. GET methods are not authenticated, POST methods (such as [submitTask](doc:client-api) and [submitTasks](doc:client-api) ) need authentication.\n\nClient authentication is based on user permissions. There are only two type of users:\n*      **Administrators** that can submit task for every user\n*      **Simple Users** that can submit task only for themself\n\n\n\nFor stand alone usage only one authenticator is implemented, with administrator permissions.\nYou may want to  change the default values in the broker.properties config file:\n*      admin.username=admin\n*      admin.password=password\n\nUsers of [Embedded Mode](doc:embedded-mode) can implement an AuthenticationManager that implements their own directory of users.","excerpt":"","slug":"security","type":"basic","title":"Security"}
Majordodo broker-to-broker and worker-to-broker communication can be secured by TLS. With *broker.ssl* set to true a self signed certificate will be generated at every boot. You may change this behaviour using the properties in the broker.properties config file: * **broker.ssl**: use TLS * **broker.ssl.certificatefile**: PKCS8 private key file (PEM) * **broker.ssl.certificatechainfile**: X.509 certificate chain file (PEM) * **broker.ssl.certificatefilepassword**: the password for PKCS8 file As default the system will ignore that a certificate is self signed and/or wrong. [block:api-header] { "type": "basic", "title": "Brokers/Workers authentication" } [/block] Majordodo implement basic authentication between brokers and workers based on a shared secret. The shared secret is also used as password for bookeeper. You may want to change it in production systems. * **sharedSecred**: unique value (default to "dodo") [block:api-header] { "type": "basic", "title": "Clients authentication" } [/block] Client authentication is applied only for the submission of new tasks. GET methods are not authenticated, POST methods (such as [submitTask](doc:client-api) and [submitTasks](doc:client-api) ) need authentication. Client authentication is based on user permissions. There are only two type of users: * **Administrators** that can submit task for every user * **Simple Users** that can submit task only for themself For stand alone usage only one authenticator is implemented, with administrator permissions. You may want to change the default values in the broker.properties config file: * admin.username=admin * admin.password=password Users of [Embedded Mode](doc:embedded-mode) can implement an AuthenticationManager that implements their own directory of users.