Server Access Control and Authentication
The authorization property in the main configuration file enables or disables authentication of incoming connections and the checking of permissions for all destinations managed by the server.
disabled
. For secure deployments, the administrator must explicitly set
authorization
to
enabled
.
When
authorization
is
disabled
, the server grants any connection request, and does not check permissions when a client accesses a destination (for example, publishing a message to a topic).
When
authorization
is
enabled
, the server grants connections only upon successful authentication. The server checks permissions for client operations involving secure destinations.
To enable
authorization
, either edit
tibemsd.conf (set the
authorization
property to
enabled
, and restart the server). Or you can use the
tibemsadmin
tool to dynamically enable authorization with the following
set server command:
set server authorization=enabled
Authorization does affect connections between fault-tolerant server pairs; see Authorization and Fault-Tolerant Servers.
Administrators must always log in with the correct administration username and password to perform any administrative function—even when
authorization
is
disabled
.