Secure Daemon
Before connecting to secure Rendezvous daemons, programs must register user information (such as a name and password, or a certificate), and the identities of one or more trusted secure daemons (such as names or certificates).
Secure Daemon Calls
Language | Secure Daemons |
---|---|
C | |
C++ | |
Java | |
.NET | |
Environment Variables
Follow these guidelines when using environment variables:
• The client must connect to a secure Rendezvous daemon (rvsd, rvsrd) or TRNS.
• Using a combination of secure daemon APIs and environment variables is not supported.
• If you can update application code, use the secure daemon API instead of the environment.
• C programs must be dynamically linked to the Rendezvous client library, and the runtime library path must include the Rendezvous secure client library.
Name | Value | Description |
---|---|---|
TIBRV_SECURE_DAEMON_ENABLED | true, false | If true, secure daemon upgrade feature is enabled causing |
TIBRV_SECURE_DAEMON_USER | string | If not set, an empty string is sent as the username. A simple string passed as the username to TibrvSdContext:setUserNameWithPassword() or a PEM encoded certificate passed into TibrvSdContext:setUserCertWithKey(). The library attempts to automatically determine if the string is PEM encoded. Corrupt or invalid PEM strings are treated as simple password strings. |
TIBRV_SECURE_DAEMON_PASSWORD | string | It can optionally include one of the following prefixes followed by a colon: pass or file. The password passed into either |
TIBRV_SECURE_DAEMON_NAME | string | If not set, the NULL value is used. A string, in the form of an RV transport daemon specification. For example, |
TIBRV_SECURE_DAEMON_CERTIFICATE | string | If not set, the NULL value is used. A PEM encoded string passed into TibrvSdContext:setDaemonCert() and used for server verification. If not set, then server verification is disabled. |
Secure Connections to TIBCO Rendezvous Network Service
Follow these guidelines when you are using the secure daemon API or environment variables to secure the Rendezvous client connections to TIBCO Rendezvous Network Service (TRNS):
• A combination of secure daemon APIs and environment variables is not supported.
• TRNS only supports username and password authentication.
• TRNS does not support authentication by using user certificates.
• Server (daemon) name verification is not supported.
Using the Secure Daemon API
Enable a Secured Connection
When using the API to secure connections, call both SetUserNameWithPassword and SetDaemonCert (even if you do not require authentication or server verification). The combination of configuring authentication and server verification enables the secure connection in the client library.
Authenticate
Call SetUserNameWithPassword to enable a secure connection, even if authentication is not required.
If authentication is not required, use empty strings for the username and password.
Verify Server
Call SetDaemonCert to enable a secure connection, even if server verification is not required.
If server verification is not required, use TIBRV_SECURE_DAEMON_ANY_CERT for the certificate parameter.
If server verification is required, set the certificate parameter to the PEM encoded server certificate.
Set the daemon name parameter to TIBRV_SECURE_DAEMON_ANY_NAME.
Using Environment Variables
Enable a Secured Connection
When using environment variables to secure connections, you only need to set TIBRV_SECURE_DAEMON_ENABLED to true. By default, this connection is not authenticated and does not perform server verification.
Authenticate
Authentication is disabled by default.
If authentication is required, set TIBRV_SECURE_DAEMON_USER and TIBRV_SECURE_DAEMON_PASSWORD.
Verify Server
Server verification is disabled by default.
If server verification is required, set TIBRV_SECURE_DAEMON_CERTIFICATE to the PEM encoded server certificate.
Do not set TIBRV_SECURE_DAEMON_NAME.
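A pre-flight audit of the environment-variable rules above, written as an added example that is not TIBCO code. The function name, severity labels, PEM heuristic, target argument and sample values are assumptions made for illustration; only the TIBRV_SECURE_DAEMON_* variable names and the rules come from this page.

```python
# Added example (not TIBCO code): audit TIBRV_SECURE_DAEMON_* settings
# against the environment-variable rules stated on this page.
PREFIX = "TIBRV_SECURE_DAEMON_"

def looks_pem(value):
    # Assumption: a PEM block is recognised by its "-----BEGIN " marker.
    return "-----BEGIN " in (value or "")

def audit_secure_daemon_env(env, target="rvsd"):
    """Return (severity, message) findings; target is rvsd, rvsrd or trns."""
    def get(name):
        return env.get(PREFIX + name)
    findings = []
    enabled = get("ENABLED")
    if enabled is not None and enabled not in ("true", "false"):
        findings.append(("error", "ENABLED must be true or false"))
    if enabled != "true":
        # Assumption: the other variables are only consulted when ENABLED is true.
        if any(get(n) is not None for n in ("USER", "PASSWORD", "NAME", "CERTIFICATE")):
            findings.append(("warn", "variables set but ENABLED is not true"))
        return findings
    user, password, cert = get("USER"), get("PASSWORD"), get("CERTIFICATE")
    if user is None and password is None:
        findings.append(("warn", "authentication disabled: USER/PASSWORD not set"))
    elif user is None or password is None:
        findings.append(("warn", "only one of USER and PASSWORD is set"))
    if target == "trns" and looks_pem(user):
        findings.append(("error", "TRNS does not support user certificates"))
    if cert is None:
        findings.append(("warn", "server verification disabled: CERTIFICATE not set"))
    elif not looks_pem(cert):
        findings.append(("error", "CERTIFICATE is not PEM encoded"))
    if get("NAME") is not None:
        findings.append(("warn", "NAME should not be set with environment variables"))
    return findings

# Constructed sample environment (not real credentials or certificates).
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----"
SAMPLE_ENV = {
    PREFIX + "ENABLED": "true",
    PREFIX + "USER": "alice",
    PREFIX + "PASSWORD": "pass:constructed-secret",
    PREFIX + "NAME": "ssl:host.example:7500",
}

if __name__ == "__main__":
    for severity, message in audit_secure_daemon_env(SAMPLE_ENV):
        print(f"{severity}: {message}")
```

Passing `dict(os.environ)` in place of the sample audits the live process environment before the client starts.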
See Also
Secure Daemons (rvsd and rvsrd) in