Configuring a secure Broker

You can configure the Broker to run in a secure manner. Use of a secure Broker results in the following changes to how software runs:
  • Consoles prompt for a username and password to connect to the Broker. Without a secure Broker, consoles connect to the Broker without authenticating.
  • Other servers and clients use their respective clientConnect.conf files to determine what credentials to send to the Broker, just as they use clientConnect.conf to determine what credentials to send to a server. In particular, you can configure the clientConnect.conf files so that clients and servers prompt for connections to the Broker, as the console does, or specify the password in clientConnect.conf.

To configure and run a secure Broker, complete the following steps:
    1. Choose a unique username and password for the secure Broker credentials. The new username and password will be used by both servers and clients:
      • Servers will use these credentials to register with the Broker.
      • Clients will use these credentials to connect to the Broker and determine the location of a server.
      For example, you could use the username “SecureBroker” and the password “Secure”. Choose a unique username and password.
    2. Use the sm_edit utility to open a local copy of the clientConnect.conf file, located in /local/conf. Edit this file, used by all clients and servers, so that programs send the SecureBroker/Secure credentials when connecting to the Broker.
      • Comment out the following line:
        *:<BROKER>:BrokerNonsecure:Nonsecure
      • Type a new line configuring a secure Broker. This new line is added below the BrokerNonsecure line that you commented out.
        For example:
        #*:<BROKER>:BrokerNonsecure:Nonsecure
        *: <BROKER> : SecureBroker : Secure
        *: <BROKER> : SecureBroker : <PROMPT>
    3. Use sm_edit to make the following changes to the local serverConnect.conf file used by the Broker:
      • Delete the line granting <DEFAULT>/<DEFAULT> access to the Broker.
      • Change the BrokerNonsecure/Nonsecure line to grant Ping access rather than All access. Do not, however, delete this authentication record.
      • Add a new authentication record that grants All access to the SecureBroker/Secure credentials. This new record must be below the BrokerNonsecure/Nonsecure record. For example:
        <BROKER>:BrokerNonsecure:Nonsecure:Ping
        <BROKER> : SecureBroker : Secure : All
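
One way to check the result of step 3, as an added example that is not part of the original documentation or the vendor's tooling: a Python audit of the Broker records in a plaintext copy of serverConnect.conf. It assumes the colon-separated record layout shown in the examples above and `#` comment lines; the username siteBroker and its password are constructed sample values.

```python
# Added example (not vendor code): audit the <BROKER> records of serverConnect.conf
# text. Assumes '#' comments and target:username:password:privilege records.

def broker_records(text):
    """Return (line_no, username, password, privilege) per active <BROKER> record."""
    records = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) == 4 and fields[0] == "<BROKER>":
            records.append((line_no, fields[1], fields[2], fields[3]))
    return records


def audit_server_connect(text, secure_user):
    """Return findings; an empty list means the records follow step 3."""
    findings = []
    recs = broker_records(text)
    nonsecure = [r for r in recs if r[1] == "BrokerNonsecure"]
    secure = [r for r in recs if r[1] == secure_user]
    for line_no, user, password, _priv in recs:
        if user == "<DEFAULT>":
            findings.append(f"line {line_no}: delete the <DEFAULT>/<DEFAULT> Broker record")
        if (user, password) == ("SecureBroker", "Secure"):
            findings.append(f"line {line_no}: documentation example credentials in use")
    if not nonsecure:
        findings.append("BrokerNonsecure record missing (it must stay, with Ping access)")
    for line_no, _u, _p, priv in nonsecure:
        if priv != "Ping":
            findings.append(f"line {line_no}: BrokerNonsecure grants {priv}, expected Ping")
    if not secure:
        findings.append(f"no record for {secure_user}")
    for line_no, _u, _p, priv in secure:
        if priv != "All":
            findings.append(f"line {line_no}: {secure_user} grants {priv}, expected All")
        if nonsecure and line_no < nonsecure[0][0]:
            findings.append(f"line {line_no}: {secure_user} record must be below BrokerNonsecure")
    return findings

# Constructed sample inputs (hypothetical username "siteBroker" and password).
UNCHANGED = "<BROKER>:BrokerNonsecure:Nonsecure:All\n<BROKER>:<DEFAULT>:<DEFAULT>:All\n"
HARDENED = "<BROKER>:BrokerNonsecure:Nonsecure:Ping\n<BROKER> : siteBroker : Xq7-constructed : All\n"

if __name__ == "__main__":
    for name, text in (("unchanged", UNCHANGED), ("hardened", HARDENED)):
        print(name, audit_server_connect(text, "siteBroker") or "OK")
```

An empty result means the active Broker records match step 3; the check for the SecureBroker/Secure pair reflects the instruction in step 1 to choose a unique username and password.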