You should configure security in such a way that each security file is only readable by those programs or users that require it. The security configuration files installed with software, which should be edited after installation, are readable by anyone.

Because Managers and the Broker typically run with administrative privileges, the serverConnect.conf and brokerConnect.conf files should only be readable by users with administrative privileges and no one else.

The simplest method for creating a secure setup for users and client programs is to provide two separate clientConnect.conf files. One clientConnect.conf file, which can remain readable by anyone, should only contain entries that make client programs prompt for passwords. This clientConnect.conf file will not contain passwords.

For client programs, create a separate clientConnect.conf file that contains the authentication information necessary for non-prompting programs to access Managers. This clientConnect.conf should only be readable by the user(s) under which these programs run. Client programs use the SM_CLIENTCONNECT environment variable to find this clientConnect.conf file. You can specify SM_CLIENTCONNECT in the service startup file for each service. For clients that are installed as services, you can use the --env option to the sm_service utility to edit the parameters of a service.