Configuring a secure Broker
You can configure the Broker to run in a secure manner.
The use of a secure Broker results in the following changes:
- The consoles prompt for a username and password to connect to the Broker. Without a secure Broker, consoles connect to the Broker without authenticating.
- The other servers and clients use their respective clientConnect.conf files to determine what credentials to send to the Broker, just as they use clientConnect.conf to determine what credentials to send to a server. In particular, you can configure the clientConnect.conf files so that clients and servers prompt for connections to the Broker, as the console does, or specify the password in clientConnect.conf.
- Choose a unique Domain Manager username and password for the secure Broker credentials. The new username and password will be used by both servers and clients:
  - Servers will use these credentials to register with the Broker.
  - Clients will use these credentials to connect to the Broker and determine the location of a server.
  You could use the username SecureBroker and the password Secure. Choose a unique Domain Manager username and password.
- Use the sm_edit utility to open a local copy of the clientConnect.conf file, located in BASEDIR/smarts/local/conf. Edit this file, used by all clients and servers, so that programs send the SecureBroker/Secure credentials when connecting to the Broker.
  - Comment out the following line:
      *:<BROKER>:BrokerNonsecure:Nonsecure
  - Type a new line configuring a secure Broker. This new line is added below the BrokerNonsecure line that you commented out.
      #*:<BROKER>:BrokerNonsecure:Nonsecure
      *: <BROKER> : SecureBroker : Secure
  Conversely, you can configure clientConnect.conf so that clients and servers prompt for connections to the Broker, as well as other servers. In this example, it involves replacing the password Secure with <PROMPT>.
      *: <BROKER> : SecureBroker : <PROMPT>
- Use sm_edit to make the following changes to the local serverConnect.conf file used by the Broker:
  - Delete the line granting <DEFAULT>/<DEFAULT> access to the Broker.
  - Change the BrokerNonsecure/Nonsecure line to grant Ping access rather than All access. Do not, however, delete this authentication record.
  - Add a new authentication record that grants All access to the SecureBroker/Secure credentials. This new record must be below the BrokerNonsecure/Nonsecure record.
      <BROKER>:BrokerNonsecure:Nonsecure:Ping
      <BROKER> : SecureBroker : Secure : All
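The following Python sketch is an added example, not part of the vendor documentation: it audits the text of a serverConnect.conf file for the three changes listed above. The colon-separated record layout is inferred from the sample lines on this page, and the exact form of the <DEFAULT>/<DEFAULT> record in the constructed BEFORE sample is an assumption.

```python
# Added example (not vendor code). Assumed record layout, inferred from the sample
# lines above: target:user:password:privilege, with optional spaces around ":".
BEFORE = """\
<BROKER>:<DEFAULT>:<DEFAULT>:All
<BROKER>:BrokerNonsecure:Nonsecure:All
"""  # constructed sample; the <DEFAULT> record's exact form is an assumption
AFTER = """\
<BROKER>:BrokerNonsecure:Nonsecure:Ping
<BROKER> : SecureBroker : Secure : All
"""  # the two records shown on the page

def parse_records(text):
    """Return (line_no, target, user, password, privilege) for each active record."""
    records = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and commented-out records
        fields = [f.strip() for f in line.split(":")]
        if len(fields) == 4:
            records.append((line_no, *fields))
    return records

def audit_broker_records(text, secure_user="SecureBroker"):
    """Return findings; an empty list means all three changes are in place."""
    broker = [r for r in parse_records(text) if r[1] == "<BROKER>"]
    findings = []
    for line_no, _target, user, password, _priv in broker:
        if user == "<DEFAULT>" and password == "<DEFAULT>":
            findings.append(f"line {line_no}: <DEFAULT>/<DEFAULT> still has Broker access")
    nonsecure = [r for r in broker if r[2] == "BrokerNonsecure"]
    secure_all = [r for r in broker if r[2] == secure_user and r[4] == "All"]
    if not nonsecure:
        findings.append("BrokerNonsecure record is missing (keep it, with Ping access)")
    for line_no, *_rest, priv in nonsecure:
        if priv != "Ping":
            findings.append(f"line {line_no}: BrokerNonsecure has {priv} access, expected Ping")
    if not secure_all:
        findings.append(f"no {secure_user} record with All access")
    elif nonsecure and min(r[0] for r in secure_all) < max(r[0] for r in nonsecure):
        findings.append(f"{secure_user} record must be below the BrokerNonsecure record")
    return findings

if __name__ == "__main__":
    for name, text in (("BEFORE", BEFORE), ("AFTER", AFTER)):
        print(name, audit_broker_records(text) or "OK")
```

Pass the username you actually chose as secure_user when auditing a real file.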