This section describes how to configure the JMS Password Store.
Properties pertaining to the JMS Password Store are set in the plug-ins general configuration file: pwsync.props. By default there is one file per each plug-in, for example, TDI_Install_dir/pwd_plugins/tds/pwsync.props
In the general configuration file, encrypt each password property manually. This can be done using the encryptPasswd utility. Be aware that this utility uses a symmetric algorithm for encryption of the passwords. Make sure that the pwsync.props file is readable only by trusted system users.
The encyptPasswd utility expects that the password is passed as a parameter. The encrypted password is printed on the standard output.
For a complete list of the configuration parameters, their explanation and the encryptPasswd utility, see Password plug-ins common configuration and utilities.
An extract of the JMS Password Store configuration section of the pwsync.props file follows:
# Passwords encryption properties: ### Specify true or false to correspondingly turn the ### encryption of passwords on or off. encrypt=true ### The path of the JKS file that is used to encrypt ### passwords (only taken into account when encrypt ### is set to true). encryptKeyStoreFilePath= ### The encrypted password of the JKS file (only ### taken into account when encrypt is set to true). ### This maps to the -storepass parameter for keytool ### -genkey encryptKeyStoreFilePassword= ### The alias of the key from the JKS file. encryptKeyStoreCertificate= # PKCS7 Configuration: ### This indicates whether or not the option is turned on. pkcs7=false ### The file path and the name of the JKS file. pkcs7KeyStoreFilePath= ### The password for the JKS file. pkcs7KeyStoreFilePassword= ### The alias of the MQePasswordStore's certificate. pkcs7MqeStoreCertificateAlias= ### The alias of the MQePasswordStoreConnector's certificate. pkcs7MqeConnectorCertificateAlias= # The specific driver used for establishing connection with a broker. # Possible values: ### com.ibm.di.plugin.pwstore.jms.driver.IBMMQe ### com.ibm.di.plugin.pwstore.jms.driver.IBMMQ jmsDriverClass=com.ibm.di.plugin.pwstore.jms.driver.IBMMQe # The ID of this client. This value is used when # connecting to a broker. Most brokers do not allow # clients to have the same ID. jms.clientId= # MQe Configuration: ### The path to the .ini file of the generated MQe QueueManager. mqe.file.ini = ### The TCP/IP port that is used when the MQe Connector ### sends notifications to the Storage Component. Default ### value is 41002. mqe.notify.port=41002 # Websphere MQ Configuration: ### JMS Server address (ip host and tcp port number). jms.broker=<host>:<port> ### Login username for the password queue. jms.username= ### Login password for password queue. ### Note: This field should be encoded. Use the following utility: ### encryptPasswd <yourpassword>. jms.password= ### MQ Server Channel. jms.serverChannel= ### Specifies MQ Queue Manager Name. jms.qManager= ### If true, have a properly configured the JMS provider. jms.sslUseFlag=false ### CipherSuite names supported by WebSphere MQ. ### Possible values: ### SSL_RSA_WITH_DES_CBC_SHA ### SSL_RSA_WITH_NULL_MD5 ### SSL_RSA_WITH_NULL_SHA ### SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 ### SSL_RSA_WITH_RC4_128_MD5 ### SSL_RSA_EXPORT_WITH_RC4_40_MD5 ### SSL_RSA_WITH_RC4_128_SHA ### SSL_RSA_WITH_3DES_EDE_CBC_SHA ### SSL_RSA_EXPORT1024_WITH_RC4_56_SHA ### SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA ### SSL_RSA_WITH_AES_128_CBC_SHA ### SSL_RSA_WITH_AES_256_CBC_SHA ### SSL_RSA_FIPS_WITH_DES_CBC_SHA ### SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA jms.sslCipher=SSL_RSA_WITH_RC4_128_MD5
In this section, the following parameters merit attention:
The path to the .ini file generated by the MQe Configuration Utility (usually C:\\Program Files\\IBM\\TDI\\V7.1\\pwd_plugins\\tds\\MQePWStore\\pwstore_client.ini).
The TCP/IP port that is used when the JMS Password Connector sends notifications to the MQe Driver on behalf of the JMS Password Store. Default value is 41002.
For more information about the usage of this parameter, also see section "Force transfer of accumulated messages from the JMS Password Store with MQe" in IBM TDI V7.1 Reference Guide.