Sun Java System Message Queue 3.7 UR1 Administration Guide

Password Files

Several types of commands require passwords. In Table 7–6, the first column lists the commands that require passwords and the second column lists the reason that passwords are needed.

Table 7–6 Commands That Use Passwords



Purpose of Password 


Start the broker 

Access a JDBC-based persistent data store, an SSL certificate key store, or an LDAP user repository 


Manage the broker 

Authenticate an administrative user who is authorized to use the command 


Manage a JDBC-based data store 

Access the data store 

You can specify these passwords in a password file and use the -passfile option to specify the name of the file. This is the format for the -passfile option:

imqbrokerd -passfile myPassfile

Note –

In previous releases, you could use the -p, -password, -dbpassword, and -ldappassword options to specify passwords on a command line. These options are deprecated and will be removed in a future release. In the current release, a value on the command line for one of these options supersedes the associated value in a password file.

Security Concerns

Specifying a password interactively, in response to a prompt, is the most secure method of specifying a password, unless your monitor is visible to other people. You can also specify a password file on the command line. For non-interactive use of commands, however, you must use a password file.

A password file is unencrypted, so you must set its permissions to protect it from unauthorized access. Set permissions such that they limit the users who can view the file, but provide read access to the user who starts the broker.

Password File Contents

A password file is a simple text file that contains a set of properties and values. Each value is a password used by a command.

A password file can contain the passwords shown in Table 7–7:

Table 7–7 Passwords in a Password File


Affected Commands 




Specifies the administrator password for an imqcmd command line. The password is authenticated for each command.



Specifies the key store password for SSL-based services. 



Specifies the password used to open a database connection, if required. 



Specifies the password associated with the distinguished name assigned to a broker for binding to a configured LDAP user repository. 

A sample password file is part of the Message Queue product. For the location of the sample file, see Appendix A, Platform-Specific Locations of Message QueueTM Data