Three interacting factors affect the security of destinations (that is, topics and queues). In a secure deployment, you must properly configure all three of these items:
The server’s authorization parameter acts as a master switch for checking permissions for connection requests and operations on secure destinations. The default value of this parameter is
disabled—the server does not check any permissions, and allows all operations. For secure deployment, you must enable this parameter.
For ease in installation and initial testing, the default setting for the admin password is no password at all. Until you set an actual password, the user
admin can connect without a password. Once the administrator password has been set, the server always requires it.
When authorization is enabled, the server requires a name and password before users can connect. Only authenticated users can connect to the server. The form of authentication can be either an X.509 certificate or a username and password (or both).
When authorization is disabled, the server does not check user authentication; all user connections are allowed. However, even when
authorization is disabled, the user
admin must still supply the correct password to connect to the server.
Even when authorization is enabled, the administrator (
admin) may explicitly allow anonymous user connections, which do not require password authorization. To allow these connections, create a user with the name
anonymous and no password.
SSL communication requires software to implement SSL on both server and client. The EMS server includes the OpenSSL implementation. Java client programs must use either JSSE (part of the Java environment) or separately purchased SSL software from Entrust; neither of these are part of the EMS product. C client programs can use the OpenSSL library shipped with EMS.
The administration tool can either include or omit a timestamp associated with the output of each command. To ensure a secure deployment, you must explicitly enable the timestamp feature. Use the following administration tool command:
Audit information is output to log files (and stderr), and is configured by the server parameters
log_trace and
console_trace (see
Tracing and Log File Parameters).
The DEFAULT setting includes
+ADMIN, so all administrative operations produce audit output. For further details, see
Table 62, Server Tracing Options.
Administrators can read and print the log files for audit review using tools (such as text editors) commonly available within all IT environments. EMS software does not include a special tool for audit review.