test

Sun Java System Message Queue 3.7 UR1 Administration Guide

Password Files

Several types of commands require passwords. In Table 7–6, the first column lists the commands that require passwords and the second column lists the reason that passwords are needed.

Table 7–6 Commands That Use Passwords

Command 

Purpose 

Purpose of Password 

imqbrokerd

Start the broker 

Access a JDBC-based persistent data store, an SSL certificate key store, or an LDAP user repository 

imqcmd

Manage the broker 

Authenticate an administrative user who is authorized to use the command 

imqdbmgr

Manage a JDBC-based data store 

Access the data store 

You can specify these passwords in a password file and use the -passfile option to specify the name of the file. This is the format for the -passfile option:

imqbrokerd -passfile myPassfile
Note –

In previous releases, you could use the -p, -password, -dbpassword, and -ldappassword options to specify passwords on a command line. These options are deprecated and will be removed in a future release. In the current release, a value on the command line for one of these options supersedes the associated value in a password file.

Security Concerns

Specifying a password interactively, in response to a prompt, is the most secure method of specifying a password, unless your monitor is visible to other people. You can also specify a password file on the command line. For non-interactive use of commands, however, you must use a password file.

A password file is unencrypted, so you must set its permissions to protect it from unauthorized access. Set permissions such that they limit the users who can view the file, but provide read access to the user who starts the broker.

Password File Contents

A password file is a simple text file that contains a set of properties and values. Each value is a password used by a command.

A password file can contain the passwords shown in Table 7–7:

Table 7–7 Passwords in a Password File

Password 

Affected Commands 

Description 

imq.imqcmd.password 

+-imqcmd 

Specifies the administrator password for an imqcmd command line. The password is authenticated for each command.

 

imq.keystore.password

imqbrokerd 

Specifies the key store password for SSL-based services. 

 

imq.persist.jdbc.password
 

imqbrokerd
imdbmgr

Specifies the password used to open a database connection, if required. 

 

imq.user_repository.ldap.password
 

imqbrokerd

Specifies the password associated with the distinguished name assigned to a broker for binding to a configured LDAP user repository. 

A sample password file is part of the Message Queue product. For the location of the sample file, see Appendix A, Platform-Specific Locations of Message QueueTM Data