Sun Java System Message Queue 4.3 Administration Guide

Password Files

Several types of command require passwords. In Table 9–6, the first column lists the commands that require passwords and the second column lists the reason that passwords are needed.

Table 9–6 Commands That Use Passwords

| Command | Description | Purpose of Password |
|---|---|---|
| imqbrokerd | Start broker | Access a JDBC-based persistent data store, an SSL certificate key store, or an LDAP user repository |
| imqcmd | Manage broker | Authenticate an administrative user who is authorized to use the command |
| imqdbmgr | Manage JDBC-based data store | Access the data store |

You can specify these passwords in a password file and use the -passfile option to specify the name of the file. This is the format for the -passfile option:

   imqbrokerd -passfile filePath

Note –

In previous versions of Message Queue, you could use the -p, -password, -dbpassword, and -ldappassword options to specify passwords on the command line. As of Message Queue 4.0, these options are deprecated and are no longer supported; you must use a password file instead.


Security Concerns

Typing a password interactively, in response to a prompt, is the most secure method of specifying a password (provided that your monitor is not visible to other people). You can also specify a password file on the command line. For non-interactive use of commands, however, you must use a password file.

A password file is unencrypted, so you must set its permissions to protect it from unauthorized access. Set the permissions so that they limit the users who can view the file, but provide read access to the user who starts the broker.

Password File Contents

A password file is a simple text file containing a set of properties and values. Each value is a password used by a command. Table 9–7 shows the types of passwords that a password file can contain.

Table 9–7 Passwords in a Password File

| Password | Affected Commands | Description |
|---|---|---|
| imq.imqcmd.password | imqcmd | Administrator password for Message Queue Command utility (authenticated for each command) |
| imq.keystore.password | imqbrokerd | Key store password for SSL-based services |
| imq.persist.jdbc.password | imqbrokerd, imqdbmgr | Password for opening a database connection, if required |
| imq.user_repository.ldap.password | imqbrokerd | Password associated with the distinguished name assigned to a broker for binding to a configured LDAP user repository |

A sample password file is provided as part of your Message Queue installation; see Appendix A, Platform-Specific Locations of Message Queue Data for the location of this file, depending on your platform.
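
The following shell functions are an added example, not part of the Message Queue distribution: they create a password file that only its owner can read and audit an existing one before it is passed to -passfile, covering both the permission requirement under Security Concerns and the property names in Table 9–7. The function names new_passfile and check_passfile are hypothetical, and the script assumes entries are written one per line as property=value.

```shell
#!/bin/sh
# Added example: create and audit a Message Queue password file.
# Assumption: entries are property=value lines, with no spaces around '='.

# Property names listed in Table 9-7.
KNOWN_KEYS="imq.imqcmd.password imq.keystore.password
imq.persist.jdbc.password imq.user_repository.ldap.password"

# new_passfile FILE: create an empty FILE with owner-only permissions.
# noclobber (set -C) makes this fail if FILE already exists, so a file that
# was created earlier with loose permissions is never silently reused.
new_passfile() {
    ( umask 077; set -C; : > "$1" )
}

# check_passfile FILE: 0 = usable, 1 = wrong file type or unsafe permissions,
# 2 = unknown property name or empty value.
check_passfile() {
    f=$1
    if [ ! -f "$f" ] || [ -L "$f" ] || [ ! -r "$f" ]; then
        echo "$f: not a readable regular file" >&2; return 1
    fi
    # Permission string from ls, e.g. -rw-------. The owner needs read
    # access; all six group and other bits must be unset.
    perms=$(ls -ld -- "$f" | head -n 1 | cut -c1-10)
    case $perms in
        -r??------) ;;
        *) echo "$f: mode $perms exposes the passwords" >&2; return 1 ;;
    esac
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac   # skip blanks and comments
        key=${line%%=*}; value=${line#*=}
        case $line in *=*) ;; *) value= ;; esac    # no '=' means no value
        ok=no
        for k in $KNOWN_KEYS; do [ "$k" = "$key" ] && ok=yes; done
        if [ "$ok" = no ] || [ -z "$value" ]; then
            echo "$f: bad entry for '$key'" >&2; return 2
        fi
    done < "$f"
    return 0
}
```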