Sun Java System Message Queue 3.7 UR1 Administration Guide

Security Properties

Table 14–7 lists the broker properties related to security services.

Table 14–7 Broker Security Properties

| Property | Type | Default | Description |
|---|---|---|---|
| imq.accesscontrol.enabled | Boolean | true | Use access control? If true, the system will check the access control properties file to verify that an authenticated user is authorized to use a connection service or to perform specific operations with respect to specific destinations. |
| imq.serviceName.accesscontrol.enabled | Boolean | None | Use access control for connection service? If specified, overrides imq.accesscontrol.enabled for the designated connection service. If true, the system will check the access control properties file to verify that an authenticated user is authorized to use the designated connection service or to perform specific operations with respect to specific destinations. |
| imq.accesscontrol.file.filename | String | accesscontrol.properties | Name of access control properties file. The file name specifies a path relative to the access control directory (see Appendix A, Platform-Specific Locations of Message Queue™ Data). |
| imq.serviceName.accesscontrol.file.filename | String | None | Name of access control properties file for connection service. If specified, overrides imq.accesscontrol.file.filename for the designated connection service. The file name specifies a path relative to the access control directory (see Appendix A, Platform-Specific Locations of Message Queue™ Data). |
| imq.authentication.type | String | digest | Password encoding method. basic: Base-64; digest: MD5. |
| imq.serviceName.authentication.type | String | None | Password encoding method for connection service. basic: Base-64; digest: MD5. If specified, overrides imq.authentication.type for the designated connection service. |
| imq.authentication.basic.user_repository | String | file | Type of user repository for base-64 authentication. file: File-based; ldap: LDAP. |
| imq.authentication.client.response.timeout | Integer | 180 | Interval, in seconds, to wait for client response to authentication requests |
| imq.passfile.enabled | Boolean | false | Obtain passwords from password file? |
| imq.passfile.dirpath | String | See Appendix A, Platform-Specific Locations of Message Queue™ Data | Path to directory containing password file |
| imq.passfile.name | String | passfile | Name of password file |
| imq.imqcmd.password | String | None | Password for administrative user. The Command utility (imqcmd) uses this password to authenticate the user before executing a command. |
| imq.user_repository.ldap.server | String | None | Host name and port number for LDAP server. The value is of the form hostName:port, where hostName is the fully qualified DNS name of the host running the LDAP server and port is the port number used by the server. To specify a list of failover servers, use the following syntax: host1:port1 ldap://host2:port2 ldap://host3:port3 (entries in the list are separated by spaces). Note that each failover server address is prefixed with ldap://. Use this format even if you use SSL and have set the property imq.user_repository.ldap.ssl.enabled to true. You need not specify ldaps in the address. |
| imq.user_repository.ldap.principal | String | None | Distinguished name for binding to LDAP user repository. Not needed if the LDAP server allows anonymous searches. |
| imq.user_repository.ldap.password [Should be used only in password files] | String | None | Password for binding to LDAP user repository. Not needed if the LDAP server allows anonymous searches. |
| imq.user_repository.ldap.propertyName | To come | To come | To come |
| imq.user_repository.ldap.base | String | None | Directory base for LDAP user entries |
| imq.user_repository.ldap.uidattr | String | None | Provider-specific attribute identifier for LDAP user name |
| imq.user_repository.ldap.usrfilter | String | None | (Optional) JNDI filter for LDAP user searches |
| imq.user_repository.ldap.grpsearch | Boolean | false | Enable LDAP group searches? Note: Message Queue does not support nested groups. |
| imq.user_repository.ldap.grpbase | String | None | Directory base for LDAP group entries |
| imq.user_repository.ldap.gidattr | String | None | Provider-specific attribute identifier for LDAP group name |
| imq.user_repository.ldap.memattr | String | None | Provider-specific attribute identifier for user names in LDAP group |
| imq.user_repository.ldap.grpfilter | String | None | (Optional) JNDI filter for LDAP group searches |
| imq.user_repository.ldap.timeout | Integer | 280 | Time limit for LDAP searches, in seconds |
| imq.user_repository.ldap.ssl.enabled | Boolean | false | Use SSL when communicating with LDAP server? |
| imq.keystore.file.dirpath | String | See Appendix A, Platform-Specific Locations of Message Queue™ Data | Path to directory containing key store file |
| imq.keystore.file.name | String | keystore | Name of key store file |
| imq.keystore.password | String | None | Password for key store file |
| imq.audit.enabled [Message Queue Enterprise Edition only] | Boolean | false | Start audit logging to broker log file? |
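
As an added example (not part of the original guide or of Message Queue itself), the Python below audits a broker configuration file against Table 14–7: it applies the table's defaults, resolves imq.serviceName.* overrides, and checks the LDAP failover list against the documented form. The function names, the service names jms and admin, and the sample configuration are assumptions made for illustration; the input is assumed to be the broker's configuration file, not its password file.

```python
import re

# Defaults from Table 14-7 for the properties this audit reads.
DEFAULTS = {
    "imq.accesscontrol.enabled": "true",
    "imq.authentication.type": "digest",
    "imq.authentication.basic.user_repository": "file",
    "imq.user_repository.ldap.ssl.enabled": "false",
}
HOSTPORT = re.compile(r"^[A-Za-z0-9.-]+:\d+$")

def parse_properties(text):
    """Minimal key=value parser; skips blank lines and # or ! comments."""
    lines = (ln.strip() for ln in text.splitlines())
    pairs = (ln.split("=", 1) for ln in lines if ln and ln[0] not in "#!" and "=" in ln)
    return {k.strip(): v.strip() for k, v in pairs}

def audit(text, services=("jms", "admin")):
    """Return findings; the service names checked are an assumption."""
    props = parse_properties(text)
    cfg = {**DEFAULTS, **props}
    findings = []
    for svc in services:
        # imq.serviceName.* overrides the broker-wide value when specified.
        acl = cfg.get(f"imq.{svc}.accesscontrol.enabled", cfg["imq.accesscontrol.enabled"])
        auth = cfg.get(f"imq.{svc}.authentication.type", cfg["imq.authentication.type"])
        if acl.lower() != "true":
            findings.append(f"{svc}: access control disabled")
        if auth == "basic":
            findings.append(f"{svc}: basic authentication (Base-64 is reversible)")
    if "imq.user_repository.ldap.password" in props:
        findings.append("LDAP bind password set outside a password file")
    if cfg["imq.authentication.basic.user_repository"] == "ldap":
        if cfg["imq.user_repository.ldap.ssl.enabled"].lower() != "true":
            findings.append("LDAP repository used without SSL")
        for i, entry in enumerate(cfg.get("imq.user_repository.ldap.server", "").split()):
            # First entry is host:port; each failover entry is ldap://host:port.
            prefixed = entry.startswith("ldap://")
            if prefixed != (i > 0) or not HOSTPORT.match(entry[7:] if prefixed else entry):
                findings.append(f"malformed LDAP server entry: {entry}")
    return findings

# Constructed sample configuration (not taken from the guide).
SAMPLE = """\
imq.admin.accesscontrol.enabled=false
imq.jms.authentication.type=basic
imq.authentication.basic.user_repository=ldap
imq.user_repository.ldap.server=ldap1.example.com:389 ldaps://ldap2.example.com:636
imq.user_repository.ldap.password=changeit
"""
```

Calling audit(SAMPLE) returns one finding per deviation; an empty configuration returns no findings because the table's defaults enable access control and digest authentication.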