Several types of command require passwords. In Table 9–6, the first column lists the commands that require passwords and the second column lists the reason that passwords are needed.
Table 9–6 Commands That Use Passwords
Command |
Description |
Purpose of Password |
---|---|---|
Start broker |
Access a JDBC-based persistent data store, an SSL certificate key store, or an LDAP user repository |
|
Manage broker |
Authenticate an administrative user who is authorized to use the command |
|
Manage JDBC-based data store |
Access the data store |
You can specify these passwords in a password file and use the -passfile option to specify the name of the file. This is the format for the -passfile option:
imqbrokerd -passfile filePath
In previous versions of Message Queue, you could use the -p, -password, -dbpassword, and -ldappassword options to specify passwords on the command line. As of Message Queue 4.0, these options are deprecated and are no longer supported; you must use a password file instead.
Typing a password interactively, in response to a prompt, is the most secure method of specifying a password (provided that your monitor is not visible to other people). You can also specify a password file on the command line. For non-interactive use of commands, however, you must use a password file.
A password file is unencrypted, so you must set its permissions to protect it from unauthorized access. Set the permissions so that they limit the users who can view the file, but provide read access to the user who starts the broker.
A password file is a simple text file containing a set of properties and values. Each value is a password used by a command. Table 9–7 shows the types of passwords that a password file can contain.
Table 9–7 Passwords in a Password File
Password |
Affected Commands |
Description |
---|---|---|
imqcmd |
Administrator password for Message Queue Command utility (authenticated for each command) |
|
imqbrokerd |
Key store password for SSL-based services |
|
imqbrokerdimqdbmgr |
Password for opening a database connection, if required |
|
imqbrokerd |
Password associated with the distinguished name assigned to a broker for binding to a configured LDAP user repository |
A sample password file is provided as part of your Message Queue installation; see Appendix A, Platform-Specific Locations of Message Queue Data for the location of this file, depending on your platform.