Striim 3.10.1 documentation

System users and keystore

Striim has two system user accounts that are created during installation:

  • admin has all privileges on all namespaces.

  • sys authenticates servers and Forwarding Agents when they connect to the Striim cluster. Its only privileges are Global.serverrole and Global.agentrole. It does not have a namespace and cannot log in.

The admin and sys passwords, as well as the metadata repository password, are stored in a Java KeyStore, striim/conf/sks.jks, using AES-256 and BCrypt.

If you prefer, you may create a user similar to sys that can authenticate only Forwarding Agents (replace ******** with a strong password):

CREATE USER agentauth IDENTIFIED BY ********;
DROP NAMESPACE agentauth CASCADE;
REVOKE Global.systemuser FROM USER agentauth;
REVOKE Global.uiuser FROM USER agentauth;
GRANT Global.agentrole TO USER agentauth;