Several types of commands require passwords. In Table 7–6, the first column lists the commands that require passwords and the second column lists the reason that passwords are needed.
Table 7–6 Commands That Use Passwords
Command |
Purpose |
Purpose of Password |
---|---|---|
imqbrokerd |
Start the broker |
Access a JDBC-based persistent data store, an SSL certificate key store, or an LDAP user repository |
imqcmd |
Manage the broker |
Authenticate an administrative user who is authorized to use the command |
imqdbmgr |
Manage a JDBC-based data store |
Access the data store |
You can specify these passwords in a password file and use the -passfile option to specify the name of the file. This is the format for the -passfile option:
imqbrokerd -passfile myPassfile
In previous releases, you could use the -p, -password, -dbpassword, and -ldappassword options to specify passwords on a command line. These options are deprecated and will be removed in a future release. In the current release, a value on the command line for one of these options supersedes the associated value in a password file.
Specifying a password interactively, in response to a prompt, is the most secure method of specifying a password, unless your monitor is visible to other people. You can also specify a password file on the command line. For non-interactive use of commands, however, you must use a password file.
A password file is unencrypted, so you must set its permissions to protect it from unauthorized access. Set permissions such that they limit the users who can view the file, but provide read access to the user who starts the broker.
A password file is a simple text file that contains a set of properties and values. Each value is a password used by a command.
A password file can contain the passwords shown in Table 7–7:
Table 7–7 Passwords in a Password File
A sample password file is part of the Message Queue product. For the location of the sample file, see Appendix A, Platform-Specific Locations of Message QueueTM Data