You can configure the Broker to run in a secure manner.
The use of a secure Broker results in the following changes:
- The consoles prompt for a username and password to connect to the Broker. Without a secure Broker, consoles connect to the Broker without authenticating.
- The other servers and clients use their respective clientConnect.conf files to determine what credentials to send to the Broker, just as they use clientConnect.conf to determine what credentials to send to a server. In particular, you can configure the clientConnect.conf files so that clients and servers either prompt for credentials when connecting to the Broker, as the console does, or send a password specified in clientConnect.conf.
Procedure
- Choose a unique Domain Manager username and password for the secure Broker credentials. The new username and password will be used by both servers and clients:
  - Servers will use these credentials to register with the Broker.
  - Clients will use these credentials to connect to the Broker and determine the location of a server.
  The examples in this procedure use the username SecureBroker and the password Secure; choose your own unique Domain Manager username and password.
- Use the sm_edit utility to open a local copy of the clientConnect.conf file, located in BASEDIR/smarts/local/conf. This file is used by all clients and servers. Edit it so that programs send the SecureBroker/Secure credentials when connecting to the Broker.
  - Comment out the following line:
    *:<BROKER>:BrokerNonsecure:Nonsecure
  - Type a new line configuring a secure Broker. Add this new line below the BrokerNonsecure line that you commented out.
    #*:<BROKER>:BrokerNonsecure:Nonsecure
    *: <BROKER> : SecureBroker : Secure
  Alternatively, you can configure clientConnect.conf so that clients and servers prompt for credentials when connecting to the Broker, as they can for other servers. In this example, that means replacing the password Secure with <PROMPT>.
    *: <BROKER> : SecureBroker : <PROMPT>
- Use sm_edit to make the following changes to the local serverConnect.conf file used by the Broker:
  - Delete the line granting <DEFAULT>/<DEFAULT> access to the Broker.
  - Change the BrokerNonsecure/Nonsecure line to grant Ping access rather than All access. Do not, however, delete this authentication record.
  - Add a new authentication record that grants All access to the SecureBroker/Secure credentials. This new record must be below the BrokerNonsecure/Nonsecure record.
    <BROKER>:BrokerNonsecure:Nonsecure:Ping
    <BROKER> : SecureBroker : Secure : All
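
The serverConnect.conf requirements from the last step can be checked mechanically. The following Python script is an added example, not part of the original documentation or the product. It assumes a plain-text copy of the file with colon-separated target:user:password:privilege records as shown above and no colons inside a field; the function names and finding codes are hypothetical.

```python
"""Audit a Broker serverConnect.conf for the records the procedure requires."""

def parse_records(text):
    """Yield (line_no, fields) for each non-comment line, fields stripped."""
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#"):
            yield line_no, [field.strip() for field in line.split(":")]

def audit_broker_records(text, secure_user="SecureBroker"):
    """Return a list of finding codes; an empty list means the checks passed."""
    findings, nonsecure_at, secure_at = [], None, None
    for line_no, fields in parse_records(text):
        if len(fields) != 4 or fields[0] != "<BROKER>":
            continue  # only Broker records in target:user:password:privilege form
        user, privilege = fields[1], fields[3]  # the password is never compared
        if user == "<DEFAULT>":
            findings.append("default-record-present")
        elif user == "BrokerNonsecure":
            nonsecure_at = line_no
            if privilege != "Ping":
                findings.append("nonsecure-not-ping")
        elif user == secure_user and privilege == "All":
            secure_at = line_no
    if nonsecure_at is None:
        findings.append("nonsecure-record-missing")  # must be kept, not deleted
    if secure_at is None:
        findings.append("secure-record-missing")
    elif nonsecure_at is not None and secure_at < nonsecure_at:
        findings.append("secure-record-above-nonsecure")
    return findings

# Constructed samples. HARDENED uses the two records shown in the procedure;
# the privilege on the <DEFAULT> record in UNHARDENED is an assumption.
UNHARDENED = """\
<BROKER>:<DEFAULT>:<DEFAULT>:All
<BROKER>:BrokerNonsecure:Nonsecure:All
"""
HARDENED = """\
# Broker authentication records
<BROKER>:BrokerNonsecure:Nonsecure:Ping
<BROKER> : SecureBroker : Secure : All
"""

if __name__ == "__main__":
    for name, sample in (("unhardened", UNHARDENED), ("hardened", HARDENED)):
        print(name, audit_broker_records(sample) or "ok")
```

Pass your own chosen username as secure_user when it differs from the SecureBroker example.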