Node:RSA key distribution, Next:An example, Previous:Mingle init, Up:Beginning to use Mingle
By default, Mingle servers authenticate each user request in order to
protect data from being accessed by unauthorized people. You can enable
or disable permission checking by modifying the parameter
"SecurityMode" in the Mingle configuration file. For example,
SecurityMode = 0
disables permission checking for all user requests.
When permission checking is enabled, a Mingle server will authenticate remote requests using the RSA digital signature scheme.
Each Mingle user has a pair of RSA signing keys (generated by the master server at Mingle single sign-on (see Mingle single sign-on)). Once a local Mingle server obtains your private RSA key at Mingle init (see Mingle single sign-on), the server can sign your request using your private key, and send the signed request to the relevant remote Mingle servers.
Each remote Mingle server that receives this request will retrieve your public key from the master server, and then verify the digital signature using it. The public keys can also be cached for better performance. Modify the parameter "PublicTTL" to adjust the cache expiration time for public keys.
For example,
PublicTTL = 24
sets the public key cache expiration time to be 24 hours.
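To make the flow described above concrete, here is an added example (not Mingle's own code) that models a local server signing a request with the user's private key, and a remote server verifying it with a public key obtained through a master-server lookup and cached for a PublicTTL-like period. The lookup callback, the cache type and the use of PKCS#1 v1.5 with SHA-256 are assumptions; the page does not specify Mingle's signature format.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"time"
)

// PublicKeyCache models the public key cache kept by a remote Mingle server
// (an assumption about its shape; the TTL corresponds to PublicTTL).
type PublicKeyCache struct {
	ttl     time.Duration
	fetch   func(user string) *rsa.PublicKey // hypothetical master-server lookup
	entries map[string]cacheEntry
	Fetches int // round trips made to the master server
}

type cacheEntry struct {
	key     *rsa.PublicKey
	expires time.Time
}

func NewPublicKeyCache(ttl time.Duration, fetch func(string) *rsa.PublicKey) *PublicKeyCache {
	return &PublicKeyCache{ttl: ttl, fetch: fetch, entries: map[string]cacheEntry{}}
}

// Get returns the cached key while it is fresh; otherwise it re-fetches it
// from the master server and restarts the expiration clock.
func (c *PublicKeyCache) Get(user string, now time.Time) *rsa.PublicKey {
	if e, ok := c.entries[user]; ok && now.Before(e.expires) {
		return e.key
	}
	key := c.fetch(user)
	c.Fetches++
	c.entries[user] = cacheEntry{key: key, expires: now.Add(c.ttl)}
	return key
}

// SignRequest is the local server's step: sign the request with the user's private key.
func SignRequest(priv *rsa.PrivateKey, request []byte) ([]byte, error) {
	digest := sha256.Sum256(request)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyRequest is the remote server's step: check the signature with the user's public key.
func VerifyRequest(pub *rsa.PublicKey, request, sig []byte) bool {
	digest := sha256.Sum256(request)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}
```

A modified request fails verification, and a second lookup for the same user within the TTL costs no extra round trip to the master server.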
Both key distribution and request authentication are transparent to the user, so you do not need to manage your own RSA keys. However, each Mingle server also has its own pair of RSA keys, used to encrypt and decrypt passwords and private keys so that they cannot be eavesdropped on during transmission. You can manually specify the pair of keys used by a server by setting the "PublicKey" and "PrivateKey" parameters in the configuration file, or let the server create and manage them for you.