Connection settings (#3985)

Document connection and authentication settings

Author: andreyaksenov

doc/book/admin/access_control.rst

@@ -90,7 +90,7 @@ There are two functions for managing passwords in Tarantool:
 
 *   :doc:`/reference/reference_lua/box_schema/user_password` returns a hash of a user's password.
 
-Tarantool Enterprise Edition also allows you to improve database security by enforcing the use of strong passwords, setting up a maximum password age, and so on. Learn more from the :ref:`Access control <enterprise-access-control>` section.
+Tarantool Enterprise Edition also allows you to improve database security by enforcing the use of strong passwords, setting up a maximum password age, and so on. Learn more from the :ref:`configuration_authentication` topic.
 
 
 

doc/code_snippets/snippets/config/instances.enabled/iproto_listen_address/config.yaml

@@ -0,0 +1,15 @@
+credentials:
+  users:
+    admin:
+      password: 'topsecret'
+      roles: [ super ]
+
+groups:
+  group001:
+    replicasets:
+      replicaset001:
+        instances:
+          instance001:
+            iproto:
+              listen:
+              - uri: '127.0.0.1:3301'

doc/code_snippets/snippets/config/instances.enabled/iproto_listen_address/instances.yml

@@ -0,0 +1 @@
+instance001:

doc/code_snippets/snippets/config/instances.enabled/iproto_listen_addresses/config.yaml

@@ -0,0 +1,16 @@
+credentials:
+  users:
+    admin:
+      password: 'topsecret'
+      roles: [ super ]
+
+groups:
+  group001:
+    replicasets:
+      replicaset001:
+        instances:
+          instance001:
+            iproto:
+              listen:
+              - uri: '127.0.0.1:3301'
+              - uri: '127.0.0.1:3302'

doc/code_snippets/snippets/config/instances.enabled/iproto_listen_addresses/instances.yml

@@ -0,0 +1 @@
+instance001:

doc/code_snippets/snippets/config/instances.enabled/iproto_listen_port/config.yaml

@@ -0,0 +1,15 @@
+credentials:
+  users:
+    admin:
+      password: 'topsecret'
+      roles: [ super ]
+
+groups:
+  group001:
+    replicasets:
+      replicaset001:
+        instances:
+          instance001:
+            iproto:
+              listen:
+              - uri: '3301'

doc/code_snippets/snippets/config/instances.enabled/iproto_listen_port/instances.yml

@@ -0,0 +1 @@
+instance001:

doc/code_snippets/snippets/config/instances.enabled/iproto_listen_socket/config.yaml

@@ -0,0 +1,15 @@
+credentials:
+  users:
+    admin:
+      password: 'topsecret'
+      roles: [ super ]
+
+groups:
+  group001:
+    replicasets:
+      replicaset001:
+        instances:
+          instance001:
+            iproto:
+              listen:
+              - uri: 'unix/:./var/run/{{ instance_name }}/tarantool.iproto'

doc/code_snippets/snippets/config/instances.enabled/iproto_listen_socket/instances.yml

@@ -0,0 +1 @@
+instance001:

doc/code_snippets/snippets/config/instances.enabled/security_auth_protocol/certs/generate.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -xeuo pipefail
+
+# 1. Generate an unencrypted server key.
+openssl genrsa -out server.key 2048
+
+# 2. Create a certificate signing request based on the server key.
+openssl req -new -key server.key -subj "/C=US/ST=State/L=City/O=Example-Certificates/CN=server/" -out server.csr
+
+# 3. Generate a server certificate.
+openssl x509 -req -in server.csr -signkey server.key -extfile <(printf "subjectAltName=DNS:localhost,IP:127.0.0.1") -days 365 -out server.crt