You can configure the to run in a secure manner.
The use of a secure Broker results in the following changes:
- The consoles prompt for a username and password to connect to the Broker. Without a secure Broker, consoles connect to the Broker without authenticating.
- The other servers and clients use their respective
clientConnect.conf
files to determine what credentials to send to the Broker just as they use clientConnect.conf
to determine what credentials to send to a server. In particular, you can configure the clientConnect.con
f files so that clients and servers prompt for connections to the Broker, as the console does, or specify the password in clientConnect.conf
.
Procedure
- Choose a unique Smart Assurance username and password for the secure Broker credentials. The new username and password will be used by both servers and clients:
- Servers will use these credentials to register with the Broker.
- Clients will use these credentials to connect to the Broker and determine the location of a server.
You could use the username
SecureBroker
and the password
Secure
. Choose a unique Smart Assurance username and password.
- Use the
sm_edit
utility to open a local copy of the clientConnect.conf
file, located in BASEDIR/smarts/local/conf. Edit this file, used by all clients and servers, so that Smart Assurance programs send the SecureBroker/Secure credentials when connecting to the Broker.
- Comment out the following line:
*:<BROKER>:BrokerNonsecure:Nonsecure
- Type a new line configuring a secure Broker. This new line is added below the
BrokerNonsecure
line that you commented out.
#*:<BROKER>:BrokerNonsecure:Nonsecure
*: <BROKER> : SecureBroker : Secure
Conversely, you can configure clientConnect.conf
so that clients and servers prompt for connections to the Broker, as well as other servers. In this example, it involves replacing the password Secure
with <PROMPT>
.
*: <BROKER> : SecureBroker : <PROMPT>
- Use
sm_edit
to make the following changes to the local serverConnect.conf
file used by the Broker:
- Delete the line granting
<DEFAULT>/<DEFAULT>
access to the Broker.
- Change the
BrokerNonsecure/Nonsecure
line to grant Ping
access rather than All
access. Do not, however, delete this authentication record.
- Add a new authentication record that grants
All
access to the SecureBroker/Secure credentials. This new record must be below the BrokerNonsecure/Nonsecure
record.
<BROKER>:BrokerNonsecure:Nonsecure:Ping
<BROKER> : SecureBroker : Secure : All