You can configure the Broker to run in a secure manner. Use of a secure Broker results in the following changes to how software runs:

  • Consoles prompt for a username and password to connect to the Broker. Without a secure Broker, consoles connect to the Broker without authenticating.

  • Other servers and clients use their respective clientConnect.conf files to determine what credentials to send to the Broker, just as they use clientConnect.conf to determine what credentials to send to a server. In particular, you can configure the clientConnect.conf files so that clients and servers prompt for connections to the Broker, as the console does, or specify the password in clientConnect.conf.

    To configure and run a secure Broker, complete the following steps:

    1. Choose a unique username and password for the secure Broker credentials. The new username and password will be used by both servers and clients:

      • Servers will use these credentials to register with the Broker.

      • Clients will use these credentials to connect to the Broker and determine the location of a server.

        For example, you could use the username “SecureBroker” and the password “Secure”. Choose a unique username and password.

    2. Use the sm_edit utility to open a local copy of the clientConnect.conf file, located in BASEDIR/Smartss/local/conf. Edit this file, used by all clients and servers, so that programs send the SecureBroker/Secure credentials when connecting to the Broker.

      • Comment out the following line:

        *:<BROKER>:BrokerNonsecure:Nonsecure
        
      • Type a new line configuring a secure Broker. This new line is added below the BrokerNonsecure line that you commented out.

        For example:

        #*:<BROKER>:BrokerNonsecure:Nonsecure
        *: <BROKER> : SecureBroker : Secure
        *: <BROKER> : SecureBroker : <PROMPT>
        
    3. Use sm_edit to make the following changes to the local serverConnect.conf file used by the Broker:

      • Delete the line granting <DEFAULT>/<DEFAULT> access to the Broker.

      • Change the BrokerNonsecure/Nonsecure line to grant Ping access rather than All access. Do not, however, delete this authentication record.

      • Add a new authentication record that grants All access to the SecureBroker/Secure credentials This new record must be below the BrokerNonsecure/Nonsecure record. For example:

        <BROKER>:BrokerNonsecure:Nonsecure:Ping
        <BROKER> : SecureBroker : Secure : All