Configure security so that each security file is readable only by the programs or users that require it. The security configuration files installed with the software, which should be edited after installation, are readable by anyone.

The Managers and the Broker typically run with administrative privileges. Therefore, ensure that the serverConnect.conf and brokerConnect.conf files are readable by users with administrative privileges only.

Procedure

  1. Create a secure setup for users and client programs by providing two separate clientConnect.conf files.
    Note: One clientConnect.conf file, which can remain readable by anyone, should contain only entries that make client programs prompt for passwords. This clientConnect.conf file will not contain passwords.
  2. For client programs, create a separate clientConnect.conf file that contains the authentication information necessary for non-prompting programs to access Managers.
    This clientConnect.conf should only be readable by the user(s) under which these programs run. Client programs use the SM_CLIENTCONNECT environment variable to find this clientConnect.conf file. You can specify SM_CLIENTCONNECT in the service startup file for each service. For clients that are installed as services, you can use the --env option to the sm_service utility to edit the parameters of a service.
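
The following check is an added example, not part of the product or its documentation. It reports whether serverConnect.conf, brokerConnect.conf, and the credential-bearing clientConnect.conf can be read by anyone other than their owner. The function names, the directory argument, and the owner-only interpretation of "administrative privileges only" are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): audit read access on the connect files.
# Assumption: "restricted" means owner-only; relax the test if your site
# grants read access through a dedicated administrative group.

# True when group or other holds the read bit. Uses POSIX find -perm, which
# inspects the mode bits and therefore behaves the same when run as root.
readable_beyond_owner() {
    [ -n "$(find "$1" -prune \( -perm -0040 -o -perm -0004 \) -print 2>/dev/null)" ]
}

# audit_connect_files CONF_DIR PRIVATE_CLIENT_FILE [fix]
#   CONF_DIR             directory holding serverConnect.conf and brokerConnect.conf
#   PRIVATE_CLIENT_FILE  the clientConnect.conf copy that stores authentication
#                        information for non-prompting programs
#   fix                  optional: remove group/other access from exposed files
# The shared, prompt-only clientConnect.conf is deliberately not checked,
# because it may remain readable by anyone.
# Returns the number of unresolved findings (0 means all files are restricted).
audit_connect_files() {
    conf_dir=$1; private_client=$2; mode=${3:-report}; findings=0
    for f in "$conf_dir/serverConnect.conf" "$conf_dir/brokerConnect.conf" "$private_client"; do
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"; findings=$((findings + 1))
        elif readable_beyond_owner "$f"; then
            if [ "$mode" = fix ] && chmod go-rwx "$f"; then
                echo "FIXED    $f"
            else
                echo "EXPOSED  $f"; findings=$((findings + 1))
            fi
        else
            echo "OK       $f"
        fi
    done
    return "$findings"
}
```

Run it in report mode first. The check covers mode bits only, so also confirm that each file is owned by the account that runs the Manager, Broker, or client program.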