Table 14–7 lists the broker properties related to security services.
Table 14–7 Broker Security Properties
Property |
Type |
Default |
Description |
---|---|---|---|
Boolean |
true |
If true, the system will check the access control properties file to verify that an authenticated user is authorized to use a connection service or to perform specific operations with respect to specific destinations. |
|
imq.serviceName.accesscontrol.enabled |
Boolean |
None |
Use access control for connection service? If specified, overrides imq.accesscontrol.enabled for the designated connection service. If true, the system will check the access control properties file to verify that an authenticated user is authorized to use the designated connection service or to perform specific operations with respect to specific destinations. |
String |
accesscontrol.properties |
Name of access control properties file The file name specifies a path relative to the access control directory (see Appendix A, Platform-Specific Locations of Message QueueTM Data). |
|
String |
None |
Name of access control properties file for connection service If specified, overrides imq.accesscontrol.file.filename for the designated connection service. The file name specifies a path relative to the access control directory (see Appendix A, Platform-Specific Locations of Message QueueTM Data). |
|
String |
digest |
basic: Base-64 digest: MD5 |
|
String |
None |
Password encoding method for connection service: basic: Base-64 digest: MD5 If specified, overrides imq.authentication.type for the designated connection service. |
|
String |
file |
Type of user repository for base-64 authentication: file: File-based ldap: LDAP |
|
Integer |
180 |
Interval, in seconds, to wait for client response to authentication requests |
|
Boolean |
false |
Obtain passwords from password file? |
|
String |
See Appendix A, Platform-Specific Locations of Message QueueTM Data |
Path to directory containing password file |
|
String |
passfile | ||
String |
None |
Password for administrative user The Command utility (imqcmd) uses this password to authenticate the user before executing a command. |
|
String |
None |
Host name and port number for LDAP server The value is of the form hostName:port where hostName is the fully qualified DNS name of the host running the LDAP server and port is the port number used by the server. |
|
To specify a list of failover servers, use the following syntax: host1:port1 ldap://host2: port2 ldap://host3 :port3 … |
|||
Entries in the list are separated by spaces. Note that each failover server address is prefixed with ldap://. Use this format even if you use SSL and have set the property imq.user_repository.ldap.ssl.enabled to true. You need not specify ldaps in the address. |
|||
String |
None |
Distinguished name for binding to LDAP user repository Not needed if the LDAP server allows anonymous searches. |
|
imq.user_repository.ldap.password [Should be used only in password files] |
String |
None |
Password for binding to LDAP user repository Not needed if the LDAP server allows anonymous searches. |
To come |
To come |
To come |
|
String |
None |
Directory base for LDAP user entries |
|
String |
None |
Provider-specific attribute identifier for LDAP user name |
|
String |
None |
(Optional) JNDI filter for LDAP user searches |
|
Boolean |
false |
Enable LDAP group searches? Note – Message Queue does not support nested groups. |
|
String |
None |
Directory base for LDAP group entries |
|
String |
None |
Provider-specific attribute identifier for LDAP group name |
|
String |
None |
Provider-specific attribute identifier for user names in LDAP group |
|
String |
None |
(Optional) JNDI filter for LDAP group searches |
|
Integer |
280 |
Time limit for LDAP searches, in seconds |
|
Boolean |
false |
Use SSL when communicating with LDAP server? |
|
String |
See Appendix A, Platform-Specific Locations of Message QueueTM Data |
Path to directory containing key store file |
|
String |
keystore |
Name of key store file |
|
String |
None |
Password for key store file |
|
Boolean |
false |
Start audit logging to broker log file? |