JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle GlassFish Server Message Queue 4.5 Administration Guide
search filter icon
search icon

Document Information


Part I Introduction to Message Queue Administration

1.  Administrative Tasks and Tools

2.  Quick-Start Tutorial

Part II Administrative Tasks

3.  Starting Brokers and Clients

4.  Configuring a Broker

5.  Managing a Broker

6.  Configuring and Managing Connection Services

7.  Managing Message Delivery

8.  Configuring Persistence Services

9.  Configuring and Managing Security Services

Introduction to Security Services




User Authentication

Using a Flat-File User Repository

User Groups and Status

Using the User Manager Utility

Using an LDAP User Repository

To Set Up an Administrative User

Using JAAS-Based Authentication

Elements of JAAS

JAAS and Message Queue

Setting up JAAS-Compliant Authentication

User Authorization

Access Control File Syntax

Application of Authorization Rules

Authorization Rules for Connection Services

Authorization Rules for Physical Destinations

Authorization Rules for Auto--Created Physical Destinations

Message Encryption

Using Self-Signed Certificates

Setting Up an SSL-Based Connection Service Using Self-Signed Certificates

Configuring and Running an SSL-Based Client Using Self-Signed Certificates

Using Signed Certificates

Obtaining and Installing a Signed Certificate

Configuring the Client to Require Signed Certificates

Password Files

Security Concerns

Password File Contents

Connecting Through a Firewall

To Enable Broker Connections Through a Firewall

Audit Logging with the Solaris BSM Audit Log

10.  Configuring and Managing Broker Clusters

11.  Managing Administered Objects

12.  Configuring and Managing Bridge Services

13.  Monitoring Broker Operations

14.  Analyzing and Tuning a Message Service

15.  Troubleshooting

Part III Reference

16.  Command Line Reference

17.  Broker Properties Reference

18.  Physical Destination Property Reference

19.  Administered Object Attribute Reference

20.  JMS Resource Adapter Property Reference

21.  Metrics Information Reference

22.  JES Monitoring Framework Reference

Part IV Appendixes

A.  Distribution-Specific Locations of Message Queue Data

B.  Stability of Message Queue Interfaces

C.  HTTP/HTTPS Support

D.  JMX Support

E.  Frequently Used Command Utility Commands


Password Files

Several types of command require passwords. In Table 9-6, the first column lists the commands that require passwords and the second column lists the reason that passwords are needed.

Table 9-6 Commands That Use Passwords

Purpose of Password
Start broker
Access a JDBC-based persistent data store, an SSL certificate key store, or an LDAP user repository
Manage broker
Authenticate an administrative user who is authorized to use the command
Manage JDBC-based data store
Access the data store

You can specify these passwords in a password file and use the -passfile option to specify the name of the file. This is the format for the -passfile option:

imqbrokerd -passfile filePath

Note - In previous versions of Message Queue, you could use the -p, -password, -dbpassword, and -ldappassword options to specify passwords on the command line. As of Message Queue 4.0, these options are deprecated and are no longer supported; you must use a password file instead.

Security Concerns

Typing a password interactively, in response to a prompt, is the most secure method of specifying a password (provided that your monitor is not visible to other people). You can also specify a password file on the command line. For non-interactive use of commands, however, you must use a password file.

A password file is unencrypted, so you must set its permissions to protect it from unauthorized access. Set the permissions so that they limit the users who can view the file, but provide read access to the user who starts the broker.

Password File Contents

A password file is a simple text file containing a set of properties and values. Each value is a password used by a command. Table 9-7 shows the types of passwords that a password file can contain.

Table 9-7 Passwords in a Password File

Affected Commands
Administrator password for Message Queue Command utility (authenticated for each command)
Key store password for SSL-based services
Password for opening a database connection, if required
Password associated with the distinguished name assigned to a broker for binding to a configured LDAP user repository

A sample password file, IMQ_HOME/etc/passfile.sample, is provided as part of your Message Queue installation.