You can configure a user name and password that GPSS will use for client-to-server authentication. When you configure GPSS client authentication, you identify the credentials in the gpss.json server configuration file. Users that access the GPSS server instance must then provide (a variation of) the credentials to any gpsscli subcommand that they invoke as described below.
You can configure client authentication as follows:
1. Identify a user name for authenticating.
2. Specify the user name in the Authentication:Username property setting of the gpss.json GPSS server configuration file. For example:

    "Authentication": {
        "Username": "client_auth_username",
        "Password": "<shadow_passwd_string>"
    }

3. Identify a password for authenticating.
4. Optionally configure a Shadow:Key, and then generate a shadowed password string from the password as described in steps 1 and 2 of Shadowing the Greenplum Database Password.
5. Specify the shadow password string returned by gpsscli shadow in the Authentication:Password property setting of the gpss.json GPSS server configuration file. For example:

    "Authentication": {
        "Username": "client_auth_username",
        "Password": "SHADOW:ERTBKXDWLAJHUF5UOGJY34QTXIBNYP4ULTWVHIUZIF4UYFPRIJVA"
    }

   Always quote the complete shadow password string.
6. (Re)Start the GPSS server.
7. Notify users of the GPSS server instance of the new client authentication requirements, and provide them the user name and original (not shadowed) password.
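A check of the Authentication block that can be run on gpss.json before (re)starting the server, given here as an added example (it is not part of GPSS or its documentation). The function name, the sample configurations, and the rule that a shadowed value begins with the SHADOW: prefix seen in the example string above are assumptions.

```python
import json

SHADOW_PREFIX = "SHADOW:"  # assumption: prefix taken from the page's example string

def check_client_auth(config_text):
    """Return a list of findings for the Authentication block of gpss.json text."""
    try:
        config = json.loads(config_text)
    except json.JSONDecodeError as exc:
        # An unquoted shadow string makes the whole file unparseable.
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    auth = config.get("Authentication") if isinstance(config, dict) else None
    if not isinstance(auth, dict):
        return ["no Authentication block found"]
    findings = []
    user = auth.get("Username")
    if not isinstance(user, str) or not user.strip():
        findings.append("Authentication:Username is missing or empty")
    password = auth.get("Password")
    if not isinstance(password, str) or not password:
        findings.append("Authentication:Password is missing or empty")
    elif password.startswith("<") and password.endswith(">"):
        findings.append("Authentication:Password is still a placeholder")
    elif len(password) <= len(SHADOW_PREFIX) or not password.startswith(SHADOW_PREFIX):
        findings.append("Authentication:Password is not a shadow string")
    return findings

# Constructed samples; the shadow string is the one printed in the steps above.
SAMPLES = {
    "shadowed": '{"Authentication": {"Username": "client_auth_username", '
                '"Password": "SHADOW:ERTBKXDWLAJHUF5UOGJY34QTXIBNYP4ULTWVHIUZIF4UYFPRIJVA"}}',
    "placeholder": '{"Authentication": {"Username": "client_auth_username", '
                   '"Password": "<shadow_passwd_string>"}}',
    "plaintext": '{"Authentication": {"Username": "client_auth_username", '
                 '"Password": "changeme"}}',
    "unquoted": '{"Authentication": {"Username": "client_auth_username", '
                '"Password": SHADOW:ERTBKXDWLAJHUF5UOGJY34QTXIBNYP4ULTWVHIUZIF4UYFPRIJVA}}',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, check_client_auth(text) or "ok")
```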
All gpsscli subcommands directed to a GPSS server instance that is configured for client authentication must specify the authentication credentials via the -U client_auth_username and -P original_passwd command line options. For example:

    $ gpsscli submit -U client_auth_username -P changeme loadcfg.yaml