Table of Contents
Just a second...

SystemAuthentication.store

The SystemAuthentication.store file defines the roles that are assigned by the system authentication handler to client sessions that have authenticated with a specific security principal. It also defines whether anonymous connections are allowed or denied.

The following sections each describe the syntax for a single line of the file.

Adding a principal

Railroad diagram
A railroad diagram that describes the syntax used to add a principal to the system authentication store: ADD PRINCIPAL principal password. This can, optionally, be followed by a comma-separated list of roles inside square brackets.
Backus-Naur form
add principal " principal_name " " password " [ [ " role " [ " role " ] ] ]
Example
add principal "user6" "passw0rd"
add principal "user13" "passw0rd" ["CLIENT" "TOPIC_CONTROL"]

The password is passed in as plain text, but is stored in the system authentication store as a secure hash.

Removing a principal

Railroad diagram
A railroad diagram that describes the syntax used to remove a principal from the system authentication store: REMOVE PRINCIPAL principal.
Backus-Naur form
remove principal " principal_name "
Example
remove principal "user25"

Assigning roles to a principal

Railroad diagram
A railroad diagram that describes the syntax used to assign roles to a principal in the system authentication store: ASSIGN ROLES principal, followed by a comma-separated list of roles inside square brackets.
Backus-Naur form
assign roles " principal_name " [ " role " [ , " role " ] ]
Example
assign roles "agent77" ["CLIENT", "CLIENT_CONTROL"]

When you use this command to assign roles to a principal, it overwrites any existing roles assigned to that principal. Ensure that all the roles you want the principal to have are listed in the command.

Setting the password for a principal

Railroad diagram
A railroad diagram that describes the syntax used to set the password of a principal in the system authentication store: SET PASSWORD principal password.
Backus-Naur form
set password " principal_name " " password "
Example
set password "user1" "passw0rd"

The password is passed in as plain text, but is stored in the system authentication store as a secure hash.

Verifying the password for a principal

Railroad diagram
A railroad diagram that describes the syntax used to verify the password of a principal in the system authentication store: VERIFY PASSWORD principal password.
Backus-Naur form
verify password " principal_name " " password "
Example
verify password "user1" "passw0rd"

The password is passed in as plain text, but is stored in the system authentication store as a secure hash.

Allowing anonymous connections

Railroad diagram
A railroad diagram that describes the syntax used to tell the system authentication handler to allow anonymous connections: ALLOW ANONYMOUS CONNECTIONS. This can, optionally, be followed by a comma-separated list of roles inside square brackets.
Backus-Naur form
allow anonymous connections [ [ " role " [ , " role " ] ] ]
Example
allow anonymous connections [ "CLIENT" ]

Denying anonymous connections

Railroad diagram
A railroad diagram that describes the syntax used to tell the system authentication handler to deny anonymous connections: DENY ANONYMOUS CONNECTIONS.
Backus-Naur form
deny anonymous connections
Example
deny anonymous connections

Abstaining from providing a decision about anonymous connections

Railroad diagram
A railroad diagram that describes the syntax used to tell the system authentication handler to abstain from decisions about anonymous connections: ABSTAIN ANONYMOUS CONNECTIONS.
Backus-Naur form
abstain anonymous connections
Example
abstain anonymous connections