Configure authentication strings

A basic means for authentication in AppMon Server-Collector-communication is provided by authentication-strings.

If enabled, the Collector sends an MD5 hash of a configured authentication-string to the Server, which checks whether its own configured authentication-string matches.

Note

Communication that is not encrypted can be easily captured using a man-in-the-middle attack, so it is advisable to use this feature in combination with encryption / SSL.

  • For the Server-side, the authentication-string is configured using the collectorauthstring attribute in the corresponding <collector> element of <DT_HOME>/server/conf/server.config.xml, XPath: /dynatrace/serverconfig/settings/collector/@collectorauthstring. Add the plain-text password here and ensure this file cannot be read by unauthorized personnel.

  • For the Collector-side (<DT_HOME>/collector/conf/collector.config.xml) the authstring attribute in the <collectorconfig> element must contain the same plain-text password (XPath:/dynatrace/collectorconfig/@authstring). Again, ensure that this file cannot be read by unauthorized personnel.

The following XML fragments illustrate how to configure an authentication-string between the Collector and Server.

  • AppMon Server configuration file:
<dynatrace ...>
   ...
   <settings>
      <collector ... collectorauthstring="abc" ... />
      ...
   </settings>
   ...
</dynatrace>
  • AppMon Collector configuration file:
<dynatrace ...>
   <collectorconfig .... authstring="abc"... >
   ...
</dynatrace>