
eloqsd.cfg configuration file

 
The eloqsd.cfg configuration file defines the configuration of the eloqsd server.

The section names are not case sensitive. String values can be enclosed in double quotes to protect leading or trailing spaces. An unquoted hash character (#) starts a comment.

The following configuration items are recognized:

Service
Specifies the service name (as defined in /etc/services) or the port number where the server should listen for requests. The default value is eloqsd.

A suffix /4, /6, or /46 may be used for establishing IPv4 only, IPv6 (with implied IPv4) or separate IPv4 and IPv6 listening sockets. By default, separate IPv4 and IPv6 sockets are used. For example: eloqsd/46

ServiceHttp
Specifies the service name (as defined in /etc/services) or the port number where the server should listen for HTTP requests. If neither ServiceHttp nor ServiceHttps are specified, the HTTP/HTTPS status is disabled.
A suffix may specify support of the IPv4 and IPv6 protocol. By default, separate IPv4 and IPv6 sockets are used.

ServiceHttps
Specifies the service name (as defined in /etc/services) or the port number where the server should listen for HTTPS (secure HTTP) requests. If neither ServiceHttp nor ServiceHttps are specified, the HTTP/HTTPS status is disabled.
Enabling the secure HTTP protocol requires that TLS is configured.
A suffix may specify support of the IPv4 and IPv6 protocol. By default, separate IPv4 and IPv6 sockets are used.

Panic
This configuration item specifies what happens if eloqsd is aborted due to a fatal problem.

The following options are valid:

  • exit - Terminate the process. This is the default.
  • dump - Terminate the process and create a core dump.

panic = dump is a problem tracking option. Unless you know what you need the core dump for, you probably want to stay with the default.

HttpUser
If set, the eloqsd HTTP status display will require a matching user name (HTTP basic authentication) before allowing access to the eloqsd HTTP status. The default value is empty.

HttpPswd
If set, the eloqsd HTTP status display will require a matching password (HTTP basic authentication) before allowing access to the eloqsd HTTP status. The default value is empty.

HttpFrame
Numeric flag that specifies whether the links are omitted from the HTTP status display. The default value is 0.

Lang
This configuration option defines the locale the server should use. The default value is "C". The only locale currently supported is "C".

Messages
This configuration option defines the language for server messages. This value defaults to Lang. The only locale currently supported is "C".

Charset
This defines the character set encoding the server should use internally. Valid settings are:
  • HPROMAN8 - HP Roman8
  • ISO8859/1 - ISO 8859/1

The default value for HP-UX is HPROMAN8, all other platforms default to ISO8859/1. This setting is used by the server to translate client strings like user or file names.

AuthPolicy
The AuthPolicy config item specifies how user names and passwords are validated by default. The following options are valid:

server
On HP-UX and Linux the server will validate passwords and user names using the userFile (eloqsd.user).

On Windows the server will validate user names using the userFile and pass the resulting uid (Windows account) and the password to the operating system. After a successful login, the process continues to run with the user's permissions.

user (Windows)
The server must be run under an operating system user account other than the SYSTEM account. All processes are run with this account's permissions. The userFile is used to validate both user names and passwords.

pam (HP-UX and Linux)
Users are authenticated through PAM (Pluggable Authentication Modules); the userFile configuration is not used.

The default value is "server".

LogonType (Windows)
If AuthPolicy is set to "server", the LogonType item specifies how a user is logged on to the operating system. The following options are valid:

interactive
The "interactive" logon type is used. This mode grants access to all resources the same user would have when logging on interactively.
Note that on Windows domain controllers, this requires the "allow log on locally" user right to be granted in the Windows Domain Controller Security Policy.

batch
The "batch" logon type, which is meant for background processes, is used. This was used originally in older eloqsd versions but turned out to be restricted in recent Windows server versions. It requires the "log on as a batch job" user right to be granted.

The default value is "interactive".

userFile
The path/name of the eloqsd.user file. The default is eloqsd.user in the Eloquence configuration directory.

appFile
The path/name of the eloqsd.app file. The default is eloqsd.app in the Eloquence configuration directory.

shareFile
The path/name of the eloqsd.share file. The default is eloqsd.share in the Eloquence configuration directory.

pswdFile
The path/name of the eloqsd.pswd file. The eloqsd.pswd file holds encrypted eloqsd passwords. The default is eloqsd.pswd in the Eloquence configuration directory.

DefaultUID
The name (or numeric id) of the system account to run client processes as, unless a different setting is provided for the user.

On Windows, if this account is located on a domain server, it must be prefixed with the domain name followed by a backslash character (DOMAIN\username).

DefaultUID = eloqsd
#DefaultUID = Guest

DefaultGID (HP-UX, Linux)
The name (or numeric id) of the system group to run client processes as, unless a different setting is provided for the user.

For example:

DefaultGID = eloqsd

LogFile
This defines where log messages are written to. This configuration value either specifies a path/file or one of the keywords below:

  • console - log messages are written to the console
  • syslog - log messages will be sent to the syslog daemon (HP-UX, Linux) or the Windows Event Log.

The default value is "syslog".

SysIdent (HP-UX, Linux)
SysFacility (HP-UX, Linux)
This may be used to specify the syslog identifier and facility. Supported facility values are: USER/DAEMON/LOCAL0..LOCAL7. The default syslog identifier is "eloqsd". The default syslog facility is "USER". Please refer to syslogd(1M) for more information.

For example:

SysIdent = eloqsd
SysFacility = USER

LogFlags
Each log message has an associated origin and severity. The log flags define which messages are logged. The "*" origin matches all message origins, so it can be used to set up a default that can be overridden for a specific message origin (e.g. "*1N0"). The default LogFlags value is "*0".

The following origins are in use:

  • * = All origins
  • C = Configuration subsystem
  • N = Network transport
  • P = Protocol handling

The following severities are in use:

  • ERROR = 0 - error messages
  • INFO = 1 - information
  • DEBUG = 2 - debug
  • VDEBUG = 3 - verbose debug

When using syslog, the following priorities are mapped:

  • ERROR = LOG_ERR
  • INFO = LOG_NOTICE
  • DEBUG = LOG_DEBUG
  • VDEBUG = LOG_DEBUG

Enabling log messages with DEBUG or VDEBUG severity may result in a huge number of log messages.
To suppress anything but fatal messages, you can set LogFlags to "*0". To enable informational log messages LogFlags should be set to "*1".

MaxUsers (HP-UX, Linux)
MaxTasks (HP-UX, Linux)
The MaxUsers configuration item specifies the maximum number of TASKIDs. This also limits the number of concurrent eloqcore processes. The default value is 40.

The MaxTasks configuration item specifies the maximum number of TASKIDs to reserve for "secondary" eloqcore processes. The default value is 20.

MaxUsers = 40
MaxTasks = 20

[TLS]
The eloqsd server may be configured to accept TLS-encrypted network connections. JDLG 2.0 can use this to securely communicate over insecure network (wide area Internet) connections. In addition, the HTTPS status can be used.

To use TLS communication, a server certificate is needed for the eloqsd host name. JDLG and web browsers require a certificate which is issued by a known authority. In particular, the associated root certificate must be contained in the Java truststore / web browser cert store.

Using TLS requires that OpenSSL version 0.9.8 or newer is installed.

If the JDLG 2.0 tls application configuration attribute is enabled, network communication between JDLG and the eloqsd server is TLS-encrypted. In addition, if the rdlg protocol is configured, the DLG communication between JDLG and the application is TLS-encrypted as well.

[TLS] Enabled
If nonzero, TLS communication is enabled and the other configuration items in the [TLS] section are read. The default value is 0 (TLS communication disabled).

[TLS] CertChainFile
Absolute path to a file in PEM format containing the server certificate and optionally any additional intermediate certificates which represent the verification chain up to the root certificate. The certificates in this file must be sorted in the verification order, starting with the server certificate.

The file may in addition contain the private key associated with the server certificate, in which case the CertKeyFile configuration below can be omitted.

[TLS] CertKeyFile
Absolute path to a file in PEM format containing the private key associated with the server certificate. If this key is contained in the CertChainFile above, configuring CertKeyFile is not necessary.

[TLS] RequiredFrom
[TLS] OptionalFrom
RequiredFrom is used to configure client network addresses which are required to use secure TLS communication. Note: This does not affect the HTTPS status.

If RequiredFrom is configured, OptionalFrom may be used to configure exceptions for client addresses within the RequiredFrom address range(s) which are not required to use secure TLS communication.

For example:

RequiredFrom = All
OptionalFrom = [::1]
OptionalFrom = 127.0.0.1
OptionalFrom = 192.168.1.0/24

RequiredFrom / OptionalFrom argument syntax:

{ All | hostname | ip-address [/{addrbits|netmask}] }

  • Multiple RequiredFrom / OptionalFrom entries are recognized and combined.

  • hostname is the name of a host or network that is resolved into one or more ip addresses.

  • ip-address is either an IPv4 or IPv6 address.

    • An IPv6 address, enclosed in square brackets, such as [::1]. The addrbits option may be used to specify the number of relevant bits in the IP address.

    • An IPv4 address, such as 127.0.0.1. The addrbits option may be used to specify the number of relevant bits in the IP address. The netmask option allows specifying an IPv4 network mask, such as 255.255.255.0.
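
The matching rules above, worked through as an added example (not Eloquence code): it parses RequiredFrom / OptionalFrom arguments and decides whether a given client address must use TLS. The function names are hypothetical; treating "All" case-insensitively and folding IPv4-mapped IPv6 addresses back to IPv4 are assumptions of this example, not documented eloqsd behaviour.

```python
import ipaddress
import socket

# The example entries shown on this page
REQUIRED_FROM = ["All"]
OPTIONAL_FROM = ["[::1]", "127.0.0.1", "192.168.1.0/24"]

def dns_lookup(host):
    """Resolve a hostname to a set of address strings (needs network access)."""
    return {info[4][0].split("%")[0] for info in socket.getaddrinfo(host, None)}

def parse_entry(arg, resolve=dns_lookup):
    """Turn one RequiredFrom/OptionalFrom argument into a list of networks."""
    arg = arg.strip()
    if arg.lower() == "all":  # assumption: keyword is matched case-insensitively
        return [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
    if arg.startswith("["):   # [ipv6] or [ipv6]/addrbits
        addr, closed, rest = arg[1:].partition("]")
        if not closed or (rest and not rest.startswith("/")):
            raise ValueError(f"malformed IPv6 entry: {arg!r}")
        return [ipaddress.ip_network(f"{addr}/{rest[1:] or 128}", strict=False)]
    addr, _, suffix = arg.partition("/")
    try:
        ipaddress.IPv4Address(addr)
    except ValueError:        # not an address literal: treat it as a hostname
        return [ipaddress.ip_network(a) for a in resolve(arg)]
    # suffix is either addrbits ("24") or an IPv4 netmask ("255.255.255.0")
    return [ipaddress.ip_network(f"{addr}/{suffix or 32}", strict=False)]

def tls_required(client, required, optional, resolve=dns_lookup):
    """True if the client matches RequiredFrom and no OptionalFrom exception."""
    ip = ipaddress.ip_address(client)
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped   # assumption: ::ffff:a.b.c.d is judged as a.b.c.d

    def hit(entries):
        return any(ip in net for e in entries for net in parse_entry(e, resolve))

    return hit(required) and not hit(optional)
```

With the page's example entries, only loopback and 192.168.1.0/24 clients may connect without TLS; every other address is held to it. An OptionalFrom range that is wider than intended silently exempts those clients, so it is worth evaluating a few representative addresses before deploying a change.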

Changes

The B.08.30 release added support for IPv6 and the https protocol with TLS encryption.

eloqsd.cfg template file

A default configuration file eloqsd.cfg is installed and may be customized. A template eloqsd config file is installed as newconfig/config/eloqsd.cfg.

# @(#) eloqsd.cfg - B.08.40 ($Revision: 29.2 $)
#
# The purpose of this file is to define the eloqsd properties.
# It is installed in the location:
# /etc/opt/eloquence/8.4/eloqsd.cfg
#
# This file is read once at eloqsd startup.
#
# Format:
#
# The section names are not case sensitive. String values can be
# enclosed in double quotes to protect leading or trailing spaces.
# Everything after a hash (#) character is considered a comment.
# Default values are provided commented out.


### Server configuration

[Config]

# Service       The service name (as defined in /etc/services)
#               or the port number where the server should listen
#               for requests. The default value is eloqsd.
#
#               A suffix /4, /6, or /46 may be used for establishing IPv4
#               only, IPv6 (with implied IPv4) or separate IPv4 and IPv6
#               listening sockets. By default, separate IPv4 and IPv6
#               sockets are used.
#               For example: eloqsd/46
#
# ServiceHttp   The service name (as defined in /etc/services)
#               or the port number where the server should listen
#               for HTTP requests.
#               If neither ServiceHttp nor ServiceHttps are specified,
#               the HTTP/HTTPS status is disabled.
#               A suffix /4, /6, or /46 may be used (see Service above).
#
# ServiceHttps  The service name (as defined in /etc/services)
#               or the port number where the server should listen
#               for HTTPS (secure HTTP) requests.
#               This requires that TLS is configured (see below).
#               If neither ServiceHttp nor ServiceHttps are specified,
#               the HTTP/HTTPS status is disabled.
#               A suffix /4, /6, or /46 may be used (see Service above).

#Service = eloqsd
#ServiceHttp =
#ServiceHttps =

# UseKeepAlive  Numeric flag if the tcp keep alive socket option is used.
#               Valid values are 1 and 0, the default is 1.
#               If set the operating system may verify if the client is
#               still connected after a system defined time of inactivity.

#UseKeepAlive = 1

# panic         This option defines what should happen if a fatal
#               error is encountered.
#
#               The following options are valid:
#               exit    Terminate the process. This is the default.
#               dump    Terminate the process and create a core dump.
#
#               This is a problem tracking option. Unless you know what
#               you need the coredump for you probably want to stay with
#               the default.

#panic = exit

# HTTPUser      The eloqsd server is able to display status information by
#               supporting the HTTP protocol (you can use Netscape to monitor
#               the database server process, see ServiceHttp above).
#               If set, the eloqsd HTTP status display will require a
#               matching user name (HTTP basic authentication) before
#               allowing access to the eloqsd HTTP status. The default value
#               is empty.
#
# HTTPPswd      If set, the eloqsd HTTP status display will require a
#               matching password (HTTP basic authentication) before allowing
#               access to the eloqsd HTTP status. The default value is empty.

#HttpUser =
#HttpPswd =

# HTTPFrame     If set, no link information is output on the HTTP status
#               display. So the status page could be used in a web frame.
#               Default value is 0.

#HttpFrame = 0

# Lang          This configuration option defines the locale, the
#               server should use. The default value is "C".
#               The only locale currently supported is "C".
#
# Messages      This configuration option defines the language
#               for server messages. This value defaults to Lang.
#               The only locale currently supported is "C".
#
# Charset       This defines the character set encoding, the server
#               should use internally.
#
#               Valid settings are:
#                  HPROMAN8 - HP Roman8
#                  ISO8859/1 - ISO 8859/1
#               The default value for HP-UX is HPROMAN8, all other
#               platforms default to ISO8859/1.
#
#               This setting is used by the server to translate
#               client strings like user or file names.

#Lang = C
#Messages = C
#Charset = HPROMAN8

# AuthPolicy    This entry specifies, how user names and passwords
#               are validated. The following entries are valid:
#
#               server  - The server will validate passwords
#                         and user names using eloqsd.user
#
#               pam     - Users are authenticated through PAM
#                         (Pluggable Authentication Modules),
#                         the eloqsd.user configuration is not
#                         used
#
#               The default value is "server".
#
# userFile      The path/name of the eloqsd.user file.
#               The default value depends on your operating system:
#               HP-UX: /etc/opt/eloquence/8.4/eloqsd.user
#               Linux: /etc/opt/eloquence/8.4/eloqsd.user
#
# appFile       The path/name of the eloqsd.app file.
#               The default value depends on your operating system:
#               HP-UX: /etc/opt/eloquence/8.4/eloqsd.app
#               Linux: /etc/opt/eloquence/8.4/eloqsd.app
#
# shareFile     The path/name of the eloqsd.share file.
#               The default value depends on your operating system:
#               HP-UX: /etc/opt/eloquence/8.4/eloqsd.share
#               Linux: /etc/opt/eloquence/8.4/eloqsd.share
#
# pswdFile      The path/name of the eloqsd.pswd file.
#               The default value depends on your operating system:
#               HP-UX: /etc/opt/eloquence/8.4/eloqsd.pswd
#               Linux: /etc/opt/eloquence/8.4/eloqsd.pswd

#AuthPolicy = server
#userFile = /etc/opt/eloquence/8.4/eloqsd.user
#appFile = /etc/opt/eloquence/8.4/eloqsd.app
#shareFile = /etc/opt/eloquence/8.4/eloqsd.share
#pswdFile = /etc/opt/eloquence/8.4/eloqsd.pswd

# DefaultUID    The default name (or numeric id) of the system account
#               to run client processes as, unless a different setting
#               is provided for the user.
#
# DefaultGID    The default name (or numeric id) of the system group
#               to run client processes as, unless a different setting
#               is provided for the user.

DefaultUID = eloqsd
DefaultGID = eloqsd

# LogFile       This defines where log messages are written to.
#               This configuration value either specifies a path/file
#               or one of the keywords below:
#
#               console  - log messages are written to the console
#               syslog   - log messages will be sent to the
#                          syslog daemon
#
#               The default value is "syslog".

#LogFile = syslog

# SysIdent      When logging to the syslog daemon, you can define
#               a syslog identifier. Default is eloqsd.
#               See syslogd(1M) for more information
#
# SysFacility   When logging to the syslog daemon, you can define
#               a syslog facility (USER/DAEMON/LOCAL0..LOCAL7)
#               The default setting is "USER".
#               See syslogd(1M) for more information

#SysIdent = eloqsd
#SysFacility = USER

# LogFlags      Each log message has an associated origin and
#               severity. The log flags define, which messages will
#               be logged. The "*" origin matches all message origins,
#               so it can be used to setup a default which can be
#               overridden for a specific message origin (eg. "*1N0"):
#               Default LogFlags are "*0"
#
#               The following origins are in use:
#                  * = All origins
#                  C = Configuration subsystem
#                  D = Directory utilities (eloqsd.share)
#                  E = Program execution
#                  N = Network transport
#                  P = Protocol handling
#                  S = Server framework
#
#               The following severities are in use:
#                  L_ERROR  = 0   - error messages
#                  L_INFO   = 1   - information
#                  L_DEBUG  = 2   - debug
#                  L_VDEBUG = 3   - verbose debug
#
#               When using syslog, the following priorities
#               are mapped:
#                  L_ERROR  = LOG_ERR
#                  L_INFO   = LOG_NOTICE
#                  L_DEBUG  = LOG_DEBUG
#                  L_VDEBUG = LOG_DEBUG
#
#               Enabling log messages with L_DEBUG or L_VDEBUG severity
#               may result in a huge number of log messages.
#               To enable only fatal messages, you would want to set the
#               LogFlags to "*0", to enable regular log messages you
#               would want to set the LogFlags to "*1"

#LogFlags = *0

# Configuration items below are the more traditional eloqsd
# settings.
#
# MaxUsers      Maximum number of eloqcore processes on the local
#               system. The default value is 40.
#
# MaxTasks      Maximum number of TASKIDs to reserve for "secondary"
#               eloqcore processes. If you don't know what this is good
#               for, you probably don't need it :-)
#               The default value is 20
#

#MaxUsers = 40
#MaxTasks = 20


### Configure secure TLS (Transport Layer Security) communication

# The section below may be configured so that supported clients
# such as Eloquence JDLG can use TLS-encrypted communication over
# insecure (i.e., wide area Internet) network connections.
# In addition, the HTTPS status can be used (see above).
#
# To use TLS communication, a server certificate is needed for the
# eloqsd host name. JDLG and web browsers require a certificate which
# is issued by a known authority. In particular, the associated root
# certificate must be contained in the Java truststore / web browser
# cert store.
#
# Using TLS requires that OpenSSL version 0.9.8 or newer is installed.

[TLS]

# Enabled       If nonzero, TLS communication is enabled and the
#               configuration items below are read.
#               The default value is 0 (TLS communication disabled).

#Enabled = 0

# CertChainFile Absolute path to a file in PEM format containing the
#               server certificate and optionally any additional
#               intermediate certificates which represent the
#               verification chain up to the root certificate.
#               The certificates in this file must be sorted in the
#               verification order, starting with the server certificate.
#               The file may in addition contain the private key
#               associated with the server certificate, in which case
#               the CertKeyFile configuration below can be omitted.

#CertChainFile =

# CertKeyFile   Absolute path to a file in PEM format containing the
#               private key associated with the server certificate.
#               If this key is contained in the CertChainFile above,
#               configuring CertKeyFile is not necessary.

#CertKeyFile =

# RequiredFrom  Used to configure client network addresses which
#               are required to use secure TLS communication.
#               Note: This does not affect the HTTPS status.
#
# OptionalFrom  If RequiredFrom is configured, OptionalFrom may
#               be used to configure exceptions for client addresses
#               within the RequiredFrom address range(s) which are
#               not required to use secure TLS communication.
#
#               For example: RequiredFrom = All
#                            OptionalFrom = [::1]
#                            OptionalFrom = 127.0.0.1
#                            OptionalFrom = 192.168.1.0/24
#
#               RequiredFrom/OptionalFrom argument syntax:
#
#               { All | hostname | ip-address [/{addrbits|netmask}] }
#
#               Multiple RequiredFrom/OptionalFrom entries are
#               recognized and combined.
#
#               hostname is the name of a host or network that is
#               resolved into one or more ip addresses.
#
#               ip-address is either an IPv4 or IPv6 address.
#
#               * An IPv6 address, enclosed in square brackets, such
#               as [::1]. The addrbits option may be used to specify
#               the number of relevant bits in the IP address.
#
#               * An IPv4 address, such as 127.0.0.1. The addrbits
#               option may be used to specify the number of relevant
#               bits in the IP address. The netmask option allows to
#               specify an IPv4 network mask, such as 255.255.255.0.

#RequiredFrom =
#OptionalFrom =
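
The following audit script is an added example, not part of the Eloquence distribution: it parses an eloqsd.cfg using the format rules described on this page and flags settings that weaken the HTTP status or TLS configuration. The function names, finding codes and the sample configuration are constructed for illustration; matching item names case-insensitively, letting the last value of a repeated item win, and placing items before any section header in [Config] are assumptions of this example.

```python
import re
from pathlib import PurePosixPath, PureWindowsPath

# Constructed sample input (not a real deployment)
WEAK_CFG = '''
[config]
ServiceHttp = 8008
HttpUser = admin
HttpPswd = "changeme #1"   # the quoted hash belongs to the value
panic = dump
LogFlags = *1N2
[TLS]
Enabled = 1
CertChainFile = certs/chain.pem
'''

def strip_comment(line):
    """Cut at the first '#' that is not inside double quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "#" and not in_quotes:
            return line[:i]
    return line

def parse_cfg(text):
    """Return {section: {item: [values]}}; repeated items are collected."""
    cfg, section = {}, "config"  # assumption: items before a header go to [Config]
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names ignore case
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # quotes protect spaces and '#'
        # assumption: item names are matched case-insensitively too
        cfg.setdefault(section, {}).setdefault(key.strip().lower(), []).append(value)
    return cfg

def audit(cfg):
    """Return (code, reason) pairs for settings that deserve a second look."""
    def get(section, item, default=""):
        values = cfg.get(section, {}).get(item.lower())
        return values[-1] if values else default  # assumption: last value wins
    http, https = get("config", "ServiceHttp"), get("config", "ServiceHttps")
    has_auth = bool(get("config", "HttpUser") and get("config", "HttpPswd"))
    tls_on = get("tls", "Enabled", "0").strip() not in ("", "0")
    chain = get("tls", "CertChainFile")
    out = []
    if (http or https) and not has_auth:
        out.append(("STATUS_NO_AUTH", "HTTP status is served without basic auth"))
    if http and has_auth:
        out.append(("BASIC_AUTH_CLEARTEXT", "HttpUser/HttpPswd cross plain HTTP"))
    if https and not tls_on:
        out.append(("HTTPS_WITHOUT_TLS", "ServiceHttps requires [TLS] Enabled"))
    if tls_on and not (PurePosixPath(chain).is_absolute()
                       or PureWindowsPath(chain).is_absolute()):
        out.append(("TLS_CERT_PATH", "CertChainFile must be an absolute path"))
    if not (tls_on and cfg.get("tls", {}).get("requiredfrom")):
        out.append(("TLS_NOT_REQUIRED", "no client address is required to use TLS"))
    if get("config", "panic", "exit").lower() == "dump":
        out.append(("PANIC_DUMP", "a core dump holds the process memory"))
    levels = re.findall(r"[*A-Za-z]([0-3])", get("config", "LogFlags", "*0"))
    if any(int(level) >= 2 for level in levels):
        out.append(("LOG_DEBUG", "DEBUG/VDEBUG can flood the log"))
    return out
```

For the constructed sample, audit(parse_cfg(WEAK_CFG)) reports the cleartext basic authentication, the relative certificate path, the missing RequiredFrom, the core dump setting and the debug log level.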

See also

eloqsd


 
 
 
Revision: [B.08.40] 2024-05-16
  Copyright © 1995-2024 Marxmeier Software AG