Configuring a secure Broker

You can configure the Broker to run in a secure manner.
The use of a secure Broker results in the following changes:
  • The consoles prompt for a username and password to connect to the Broker. Without a secure Broker, consoles connect to the Broker without authenticating.
  • The other servers and clients use their respective clientConnect.conf files to determine what credentials to send to the Broker just as they use clientConnect.conf to determine what credentials to send to a server. In particular, you can configure the clientConnect.conf files so that clients and servers prompt for connections to the Broker, as the console does, or specify the password in clientConnect.conf.
  1. Choose a unique Domain Manager username and password for the secure Broker credentials. The new username and password will be used by both servers and clients:
    • Servers will use these credentials to register with the Broker.
    • Clients will use these credentials to connect to the Broker and determine the location of a server.
    For example, you could use the username SecureBroker and the password Secure. These values are examples only; choose a unique Domain Manager username and password.
  2. Use the sm_edit utility to open a local copy of the clientConnect.conf file, located in BASEDIR/smarts/local/conf. Edit this file, used by all clients and servers, so that programs send the SecureBroker/Secure credentials when connecting to the Broker.
    1. Comment out the following line:
      *:<BROKER>:BrokerNonsecure:Nonsecure
    2. Type a new line configuring a secure Broker. Add this new line below the BrokerNonsecure line that you commented out.
      #*:<BROKER>:BrokerNonsecure:Nonsecure
      *: <BROKER> : SecureBroker : Secure
      Alternatively, you can configure clientConnect.conf so that clients and servers prompt for connections to the Broker, as well as other servers. In this example, that means replacing the password Secure with <PROMPT>.
      *: <BROKER> : SecureBroker : <PROMPT>
  3. Use sm_edit to make the following changes to the local serverConnect.conf file used by the Broker:
    1. Delete the line granting <DEFAULT>/<DEFAULT> access to the Broker.
    2. Change the BrokerNonsecure/Nonsecure line to grant Ping access rather than All access. Do not, however, delete this authentication record.
    3. Add a new authentication record that grants All access to the SecureBroker/Secure credentials. This new record must be below the BrokerNonsecure/Nonsecure record.
    <BROKER>:BrokerNonsecure:Nonsecure:Ping
    <BROKER> : SecureBroker : Secure : All
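
The three changes in step 3 can be checked mechanically after editing. The following script is an added example, not part of the product or of the original page: the function names are hypothetical, and it assumes the record layout seen in the lines above (colon-separated fields, # for comments) and the example username SecureBroker.

```python
# Added example: audits the <BROKER> records edited in step 3.
# Assumptions: fields are colon-separated with optional whitespace and a
# leading '#' marks a comment, as in the lines shown on this page; only
# records whose target field is literally <BROKER> are examined.

def records(text):
    """Yield the stripped fields of each active four-field record."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            fields = [f.strip() for f in line.split(":")]
            if len(fields) == 4:
                yield fields

def audit_server(text, secure_user="SecureBroker"):
    """Return findings for the Broker's serverConnect.conf (empty list = OK)."""
    findings = []
    broker = [r for r in records(text) if r[0] == "<BROKER>"]
    users = [r[1] for r in broker]
    for _, user, password, privilege in broker:
        if user == "<DEFAULT>" and password == "<DEFAULT>":
            findings.append("<DEFAULT>/<DEFAULT> record still present")
        elif user == "BrokerNonsecure" and privilege != "Ping":
            findings.append("BrokerNonsecure grants %s, expected Ping" % privilege)
        elif user == secure_user and privilege != "All":
            findings.append("%s grants %s, expected All" % (secure_user, privilege))
    if "BrokerNonsecure" not in users:
        findings.append("BrokerNonsecure record was deleted; it must be kept")
    if secure_user not in users:
        findings.append("no %s record" % secure_user)
    elif "BrokerNonsecure" in users and \
            users.index(secure_user) < users.index("BrokerNonsecure"):
        findings.append("%s record must be below BrokerNonsecure" % secure_user)
    return findings

# Constructed samples; the privilege on the <DEFAULT> line is assumed.
UNCHANGED = """\
<BROKER>:<DEFAULT>:<DEFAULT>:All
<BROKER>:BrokerNonsecure:Nonsecure:All
"""
HARDENED = """\
<BROKER>:BrokerNonsecure:Nonsecure:Ping
<BROKER> : SecureBroker : Secure : All
"""

if __name__ == "__main__":
    for name, text in (("unchanged", UNCHANGED), ("hardened", HARDENED)):
        print(name, audit_server(text) or "OK")
```

Pass a different secure_user if you chose a username other than the example one.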