Enable password-free access

0.0.201

Tair (Redis OSS-compatible) allows you to enable password-free access for instances that are deployed in virtual private clouds (VPCs). This feature provides a secure and convenient method to connect to an instance. After password-free access is enabled for an instance deployed in a VPC, clients within the same VPC as the instance can access the instance without using passwords. Meanwhile, you can still use a username and a password to connect to the instance.

Prerequisites

The instance that you want to manage is deployed in a VPC.

Note

If the instance is deployed in the classic network, you must change the network type to VPC. For more information, see Switch the network type from classic network to VPC.

Precautions

After you enable password-free access for an instance, the default account is used to connect to the instance. The username of the default account is the same as the instance ID, such as r-bp1zxszhcgatnx****. The default account has read and write permissions on the instance.
If you use a public endpoint to connect to your instance after you enable password-free access for the instance, you still need to enter a password to ensure security.

Procedure

Log on to the console and go to the Instances page. In the top navigation bar, select the region in which the instance that you want to manage resides. Then, find the instance and click the instance ID.
In the upper-right corner of the Connection Information section, click Enable Password-free Access.
In the panel that appears, read the prompt and click OK.
Refresh the page. If the text that is displayed on the button is changed from Enable Password-free Access to Disable Password-free Access, password-free access is enabled.
If the instance is deployed in cloud-native mode, add the IP addresses of clients within the same VPC as the instance to a whitelist of the instance to connect the clients to the instance without using passwords.
If the instance is deployed in classic mode, you can connect a client to the instance without the need to add the IP address of the client to a whitelist of the instance. You can use the #no_loose_check-whitelist-always parameter to control access to classic instances. By default, the #no_loose_check-whitelist-always parameter is set to no. In this case, after password-free access is enabled for a Tair instance, clients within the same VPC as the instance can connect to the instance without the need to add their IP addresses to a whitelist of the instance. For more information, see Parameters that can be configured for Redis Open-Source Edition instances.
Note
You cannot configure the #no_loose_check-whitelist-always parameter for cloud-native instances.

Examples

The following code provides an example on how to connect to an instance for which password-free access is enabled.

Note

For information about how to obtain the endpoint and password used to connect to an instance, see View endpoints.

redis-cli

Jedis

redis-cli -h host -p port
// Example: redis -h r-bp10noxlhcoim2****.redis.rds.aliyuncs.com -p 6379

JedisPoolConfig config = new JedisPoolConfig();
// Specify the maximum number of idle connections based on your business requirements. The value cannot exceed the maximum number of connections supported by the instance. 
config.setMaxIdle(100);
// Specify the maximum number of connections based on your business requirements. The value cannot exceed the maximum number of connections supported by the instance. 
config.setMaxTotal(200);
config.setTestOnBorrow(false);
config.setTestOnReturn(false);
// Replace the values of the host and port parameters with the endpoint and port number that are used to connect to the instance. The password parameter is not required. 
String host = "r-bp10noxlhcoim2****.redis.rds.aliyuncs.com";
int port = 6379;
JedisPool pool = new JedisPool(config, host, port);
Jedis jedis = null;
try
{
    jedis = pool.getResource();
    /// ... do stuff here ... for example
    jedis.set("foo", "bar");
    System.out.println(jedis.get("foo"));
    jedis.zadd("sose", 0, "car");
    jedis.zadd("sose", 0, "bike");
    System.out.println(jedis.zrange("sose", 0, -1));
}
finally
{
    if(jedis != null)
    {
        // Close connections after each API call is complete. To close a connection, release the connection to the connection pool instead of destroying the connection. 
        jedis.close();
    }
}
// Call this method only once when you exit. 
pool.destroy();

What to do next

Click Disable Password-free Access to disable password-free access.

Important

If you disable password-free access for an instance, clients cannot use the password-free access feature to connect to the instance.

To prevent this impact on your client, you can change the method that is used to verify the connection of your client to account and password logon in advance.

Related API operations

API operation	Description

API operation	Description
ModifyInstanceVpcAuthMode	Enables or disables password-free access for an instance that is deployed in a VPC.

FAQ

Why does the WRONGPASS invalid username-password pair error message appear after I enable password-free access for an instance deployed in a VPC?
If you enter an incorrect password to connect to a Redis Open-Source Edition 6.0 instance for which password-free access is enabled, the preceding error message is returned. Enter the correct password or leave the password field empty.
Note
Enter a password based on the following rules:
- If you use the default account whose username is the same as the instance ID, enter the password of the account.
- If you use a custom account, enter the password in the <user>:<password> format. Example: testaccount:Rp829dlwa.
Why is the (error) ERR illegal address error reported when I use a client to connect to a Tair instance for which password-free access is enabled?
The IP address of the client is not added to a whitelist of the instance. You can add the IP address of the client to a whitelist of the instance and try again.