The serverConnect.conf file defines who can connect to which server and what privileges they are granted. By default, separate versions of the file reside in the BASEDIR/smarts/conf and the BASEDIR/smarts/local/conf directories on the system where the server is running. The first version does not contain encrypted passwords, so the default values are accessible by anyone who can read the file. The version in BASEDIR/smarts/local/conf contains encrypted passwords.

The format of a record in serverConnect.conf is:

<target>:<
            
         
          username>:<password>:<privilege>

Field descriptions for serverConnect.conf describes the four fields of an authentication record in the serverConnect.conf file.

Table 1. Field descriptions for serverConnect.conf

Field

Definition

Value

<target>

Name of the server for which this connection is intended.

A server will only read this line if its name matches the value of the target field.

Can be a matching pattern with wildcards or one of the following special values:

  • <BROKER> indicates that this record applies only to the Broker.

  • ~<BROKER> indicates this record applies to all servers except the Broker.

< username>

username for the client requesting a connection.

Can be a matching pattern with wildcards or the following special value:

  • <DEFAULT> is provided for legacy clients that cannot send a username.

  • <AUTO> is provided for site-specific credentials.

<password>

Password for the user requesting a connection.

Can be a password or one of the following special values:

  • <SYS> indicates that the username must be a valid login name on the local system. The server passes the credentials to the host operating system for validation.

  • <DEFAULT> is provided for legacy clients that cannot send a password.

  • <AUTO> is provided for site-specific credentials.

<privilege>

Access privileges of the client.

Valid values include:

  • All

  • Monitor

  • None

  • Ping

Remember that during the authentication process the server receives a connection target, username, and password from a client. The server checks each of its records looking for a match. When it finds the first match, it sends the appropriate privilege back to the client. Otherwise, the server logs the failed authentication.