Configuring a secure Broker
You can configure the Broker to run in a secure manner. Use of a secure Broker results in the following changes to how software runs:
- Consoles prompt for a username and password to connect to the Broker. Without a secure Broker, consoles connect to the Broker without authenticating.
- Other servers and clients use their respective clientConnect.conf files to determine what credentials to send to the Broker, just as they use clientConnect.conf to determine what credentials to send to a server. In particular, you can configure the clientConnect.conf files so that clients and servers prompt for connections to the Broker, as the console does, or specify the password in clientConnect.conf.

To configure and run a secure Broker, complete the following steps:
- Choose a unique username and password for the secure Broker credentials. The new username and password will be used by both servers and clients:
  - Servers will use these credentials to register with the Broker.
  - Clients will use these credentials to connect to the Broker and determine the location of a server.

  For example, you could use the username “SecureBroker” and the password “Secure”. Choose a unique username and password.
- Use the sm_edit utility to open a local copy of the clientConnect.conf file, located in /local/conf. Edit this file, which is used by all clients and servers, so that programs send the SecureBroker/Secure credentials when connecting to the Broker.
  - Comment out the following line:

      *:<BROKER>:BrokerNonsecure:Nonsecure

  - Type a new line configuring a secure Broker. This new line is added below the BrokerNonsecure line that you commented out. For example:

      #*:<BROKER>:BrokerNonsecure:Nonsecure
      *: <BROKER> : SecureBroker : Secure
      *: <BROKER> : SecureBroker : <PROMPT>
- Use sm_edit to make the following changes to the local serverConnect.conf file used by the Broker:
  - Delete the line granting <DEFAULT>/<DEFAULT> access to the Broker.
  - Change the BrokerNonsecure/Nonsecure line to grant Ping access rather than All access. Do not, however, delete this authentication record.
  - Add a new authentication record that grants All access to the SecureBroker/Secure credentials. This new record must be below the BrokerNonsecure/Nonsecure record. For example:

      <BROKER>:BrokerNonsecure:Nonsecure:Ping
      <BROKER> : SecureBroker : Secure : All
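
The serverConnect.conf changes in the last step can be checked mechanically. The following Python script is an added example, not part of the product or of the original procedure; the function names are hypothetical, the four-field record layout is inferred from the example lines above, and the `<DEFAULT>` line in the "before" sample is a constructed assumption.

```python
# Added example: audits a Broker serverConnect.conf against the steps above.
# Record layout target:user:password:privilege is taken from the page's examples.
BROKER = "<BROKER>"

def parse_records(text):
    """Yield (line_no, target, user, password, privilege) for active records."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out record
        fields = [f.strip() for f in line.split(":")]
        if len(fields) == 4:
            yield (no, *fields)

def audit_broker(text, secure_user):
    """Return findings; an empty list means the file matches the procedure."""
    recs = [r for r in parse_records(text) if r[1] == BROKER]
    nonsecure = [r for r in recs if r[2] == "BrokerNonsecure"]
    secure = [r for r in recs if r[2] == secure_user]
    findings = []
    for no, _, user, _, priv in recs:
        if user == "<DEFAULT>":
            findings.append(f"line {no}: <DEFAULT> record still grants {priv}")
    if not nonsecure:
        findings.append("BrokerNonsecure record is missing; keep it with Ping")
    for no, _, _, _, priv in nonsecure:
        if priv != "Ping":
            findings.append(f"line {no}: BrokerNonsecure has {priv}, expected Ping")
    if not any(r[4] == "All" for r in secure):
        findings.append(f"no record grants All to {secure_user}")
    elif nonsecure and min(r[0] for r in secure) < max(r[0] for r in nonsecure):
        findings.append(f"{secure_user} record must be below BrokerNonsecure")
    return findings

# Constructed sample: an unhardened file (the <DEFAULT> line is an assumed layout).
BEFORE = """\
<BROKER>:BrokerNonsecure:Nonsecure:All
<BROKER>:<DEFAULT>:<DEFAULT>:All
"""
# The two records shown in the page's serverConnect.conf example.
AFTER = """\
<BROKER>:BrokerNonsecure:Nonsecure:Ping
<BROKER> : SecureBroker : Secure : All
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_broker(text, "SecureBroker") or "OK")
```

The check never inspects the password field, so it can be run on a copy of the file without exposing the Broker credentials in its output.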