![]() |
Copyright © TIBCO Software Inc. All Rights Reserved |
• If JAAS authentication is not configured, the Central Administration server uses the admin user, with no password, to authenticate with all the EMS servers.
• If JAAS authentication is configured, the Central Administration server presents the user ID and password presented when the current user logged on. If the user is attempting to deploy configuration changes but does not have the necessary administrative privileges for the EMS server, the deployment fails.
− emsca-admin — Grants administrative privleges to members. Administrators may lock and edit an EMS server in Central Administration, and deploy an updated server configuration. However, note that the user must also have administrative privileges for the EMS server before deploying.
− emsca-guest — Grants read-only privleges to members. Guest users are not able to make changes or deploy configurations through Central Administration.
To enable JAAS authentication, set the --jaas option at the command line, or through the related setting in the Central Administration configuration file.For more information on JAAS security, see the sample configuration files in EMS_HOME\samples\emsca\jaas.
The Central Administration server does not verify hostnames or hosts.The syntax and use of these SSL configuration options are further documented in Table 4, Central Administration Server Options:
− Enable SSL using the --ems-ssl-identity command line option, or through the related setting in the Central Administration configuration file. This option sets the path to the identity certificate and private key that the Central Administration server uses when identifying itself to the EMS servers.
− Provide the SSL password associated with the private key by setting the com.tibco.ems.ssl.password parameter. The command line option --ems-ssl-password is also available, but providing a password on the command line is not recommended and may pose a security risk. Use tibemsadmin -mangle to generate an obfuscated version before providing the password in either configuration file or command line.If you do not provide the password using the parameter or flag, the Central Administration server requires the SSL decryption password when you log in. Note that this option is only available if JAAS is configured.
− Specify an SSL policy using the --ssl-policy command line option, or through the related setting in the Central Administration configuration file. By default, the Central Administration server attempts to connect through any of the listens defined in the EMS server configuration, regardless of whether they are SSL connections or not. Alternately, you can either "require" or "prefer" an SSL connection. If you require SSL, the server will not communicate with the EMS through a non-SSL connection. If you prefer SSL, SSL connections are attempted first.For more information on using SSL in TIBCO Enterprise Message Service, see Using the SSL Protocol in the TIBCO Enterprise Message Service User’s Guide.
![]() |
Copyright © TIBCO Software Inc. All Rights Reserved |