A newer version of Management Center is available.

View latest

Local Security Provider

You can use the local security provider to control authentication and authorization in Management Center. With this security provider, user accounts are stored in Management Center’s database.

Setting Up the Local Security Provider

To set up the local security provider, you need to create an admin user, using either the UI or the mc-conf tool.

  • UI

  • mc-conf

To set up the local security provider in the UI, go to Settings > Security Providers > Local.

To create a new user with mc-conf, use the following command. Replace the <username> placeholder with your username. For details about the mc-conf tool, see Management Center Configuration Tool.

Linux and macOS
mc-conf.sh user create -n <username> -r admin -p
Windows
mc-conf.bat user create -n <username> -r admin -p
  • Username: Username for the initial administrator user account.

  • Password: Password for the initial administrator user account.

Passwords must include the following:

  • Minimum of 8 characters

  • At least one letter

  • At least one digit

  • At least one special character, which is not a letter, digit or space

Passwords must not include the following:

  • The username

  • Two or more of the same letter following each other.

  • A 3-character or longer sequence of letters following or preceeding each other such as "abc" or "fed".

  • A 3-character or longer sequence of digits following or preceeding each other such as "123" or "987".

Creating Users

To create additional users, admin users can use the UI or you can use the mc-conf tool.

When creating users, be sure to give them a valid role. See User Management.

  • UI

  • mc-conf

To set up the local security provider in the UI, go to Settings > Security Providers > Local.

To create a new user with mc-conf, use the following command. Replace the <username> placeholder with your username.

Linux and macOS
mc-conf.sh user create -n <username> -r admin -p
Windows
mc-conf.bat user create -n <username> -r admin -p

Using a Dictionary to Prevent Weak User Passwords

To prevent certain words from being included in user passwords, you can use a dictionary.

  1. Create a text file that contains the words that you want to prevent.

    Each word must be on a new line and must contain at least three characters.

  2. Start Management Center with the hazelcast.mc.security.dictionary.path property where the path points to your text file.

Words that are shorter than four characters are ignored to avoid blocking too many password combinations. You can configure the minimum length of words by starting Management Center with the hazelcast.mc.security.dictionary.minWordLength property.

java -Dhazelcast.mc.security.dictionary.path=/usr/MCtext/pwd.txt \
     -Dhazelcast.mc.security.dictionary.minWordLength=3 \
     -jar hazelcast-management-center-5.0.4.jar

Changing User Passwords

To change user passwords in the local security provider, admin users can use the UI or you can use the mc-conf tool.

  • UI

  • mc-conf

  1. Go to Settings > Users.

  2. Click Edit in the row of the user whose password you want to change.

  3. Click Change Password.

Use the following mc-conf command. Replace the <username> placeholder with your username.

Linux and macOS
mc-conf.sh user update-password -n <username> -p
Windows
mc-conf.bat user update-password -n <username> -p
If you’re on Linux or macOS devices, enclose passwords in single quotes only if you use the --password option. If you use the -p flag, do not use single quotes in the interactive prompt.

Next Steps

For details about the mc-conf tool, see Management Center Configuration Tool.