The eloqsd.cfg configuration file defines eloqsd configuration.
The section names are not case sensitive. String values can be
enclosed in double quotes to protect leading or trailing spaces.
An unquoted hash character (#) starts a comment.
The following configuration items are recognized:
- Service
-
Specifies the service name (as defined in /etc/services)
or the port number where the server should listen for
requests. The default value is eloqsd.
A suffix /4, /6, or /46 may be used for establishing IPv4
only, IPv6 (with implied IPv4) or separate IPv4 and IPv6
listening sockets. By default, separate IPv4 and IPv6
sockets are used.
For example: eloqsd/46
- ServiceHttp
-
Specifies the service name (as defined in /etc/services)
or the port number where the server should listen for
HTTP requests.
If neither ServiceHttp nor ServiceHttps
are specified, the HTTP/HTTPS status is disabled.
A suffix may specify support of the IPv4 and IPv6 protocol.
By default, separate IPv4 and IPv6 sockets are used.
- ServiceHttps
-
Specifies the service name (as defined in /etc/services)
or the port number where the server should listen for
HTTPS (secure HTTP) requests.
If neither ServiceHttp nor ServiceHttps
are specified, the HTTP/HTTPS status is disabled.
Enabling the secure HTTP protocol requires that
TLS is configured.
A suffix may specify support of the IPv4 and IPv6 protocol.
By default, separate IPv4 and IPv6 sockets are used.
- Panic
-
This configuration item specifies what happens if eloqsd is
aborted due to a fatal problem.
The following options are valid:
- exit - Terminate the process. This is the default.
- dump - Terminate the process and create a core dump.
panic = dump is a problem tracking option. Unless you
know what you need the core dump for, you probably want to stay
with the default.
- HttpUser
-
If set, the eloqsd HTTP status display will require a
matching user name (HTTP basic authentication) before
allowing access to the eloqsd HTTP status. The default value
is empty.
- HttpPswd
-
If set, the eloqsd HTTP status display will require a
matching password (HTTP basic authentication) before allowing
access to the eloqsd HTTP status. The default value is empty.
- HttpFrame
-
Numeric flag if the links should be omitted in the HTTP status.
The default value is 0.
- Lang
-
This configuration option defines the locale the
server should use. The default value is "C".
The only locale currently supported is "C".
- Messages
-
This configuration option defines the language
for server messages. This value defaults to Lang.
The only locale currently supported is "C".
- Charset
-
This defines the character set encoding the server
should use internally. Valid settings are:
- HPROMAN8 - HP Roman8
- ISO8859/1 - ISO 8859/1
The default value for HP-UX is HPROMAN8, all other
platforms default to ISO8859/1.
This setting is used by the server to translate
client strings like user or file names.
- AuthPolicy
-
The AuthPolicy config item specifies how user names
and passwords are validated by default. The following options
are valid:
- server
- On HP-UX and Linux the server will validate passwords and
user names using the userFile
(eloqsd.user).
On Windows the server will validate user names using the
userFile and pass the
resulting uid
(Windows account) and the password to the operating system.
After a successful login, the process continues to run with the
user's permissions.
- user (Windows)
- An operating system user account must be used to run the
server which must be different from the SYSTEM account.
All processes are run with this account's permissions. The
userFile is used to validate
both user names and passwords.
- pam (HP-UX and Linux)
- Users are authenticated through PAM
(Pluggable Authentication Modules), the
userFile configuration
is not used.
The default value is "server".
- LogonType (Windows)
-
If AuthPolicy is set to "server",
the LogonType item specifies how to log on a user to the
operating system. The following options are valid:
- interactive
- The "interactive" logon type is used. This mode grants
access to all resources the same user would have when logging on
interactively.
Note that on Windows domain controllers, this requires the
"allow log on locally" user right to be granted in the Windows
Domain Controller Security Policy.
- batch
- The "batch" logon type is used which is meant for
background processes. This was used originally in older eloqsd
versions but turned out to be restricted in recent Windows server
versions. It requires the "log on as a batch job" user right to
be granted.
The default value is "interactive".
- userFile
-
The path/name of the eloqsd.user file.
The default is eloqsd.user in the Eloquence configuration directory.
- appFile
-
The path/name of the eloqsd.app file.
The default is eloqsd.app in the Eloquence configuration directory.
- shareFile
-
The path/name of the eloqsd.share file.
The default is eloqsd.share in the Eloquence configuration directory.
- pswdFile
-
The path/name of the eloqsd.pswd file.
The eloqsd.pswd file holds encrypted eloqsd passwords.
The default is eloqsd.pswd in the Eloquence configuration directory.
- DefaultUID
-
The name (or numeric id) of the system account to run client processes
as, unless a different setting is provided for the user.
On Windows if this account is located on a domain server, it must be
prefixed with the domain name followed by a backslash
character (DOMAIN\username).
DefaultUID = eloqsd
#DefaultUID = Guest
- DefaultGID (HP-UX, Linux)
-
The name (or numeric id) of the system group to run client processes
as, unless a different setting is provided for the user.
DefaultGID = eloqsd
- LogFile
-
This defines where log messages are written to.
This configuration value either specifies a path/file
or one of the keywords below:
- console - log messages are written to the console
- syslog - log messages will be sent to the
syslog daemon (HP-UX, Linux) or the Windows Event Log.
The default value is "syslog".
- SysIdent (HP-UX, Linux)
SysFacility (HP-UX, Linux)
-
This may be used to specify the syslog identifier and facility.
Supported facility values are: USER/DAEMON/LOCAL0..LOCAL7.
The default syslog identifier is "eloqsd".
The default syslog facility is "USER".
Please refer to syslogd(1M) for more information.
For example:
SysIdent = eloqsd
SysFacility = USER
- LogFlags
-
Each log message has an associated origin and
severity. The log flags define which messages will
be logged. The "*" origin matches all message origins,
so it can be used to set up a default which can be
overridden for a specific message origin (e.g. "*1N0").
Default LogFlags are "*0".
The following origins are in use:
- * = All origins
- C = Configuration subsystem
- N = Network transport
- P = Protocol handling
The following severities are in use:
- ERROR = 0 - error messages
- INFO = 1 - information
- DEBUG = 2 - debug
- VDEBUG = 3 - verbose debug
When using syslog, the following priorities
are mapped:
- ERROR = LOG_ERR
- INFO = LOG_NOTICE
- DEBUG = LOG_DEBUG
- VDEBUG = LOG_DEBUG
Enabling log messages with DEBUG or VDEBUG severity
may result in a huge number of log messages.
To suppress anything but fatal messages, you can set
LogFlags to "*0". To enable informational log messages
LogFlags should be set to "*1".
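The following added example (not part of the Eloquence documentation or code) parses a LogFlags value and reports whether a message of a given origin and severity would be logged. It assumes that an origin-specific level replaces the "*" level and that a message is logged when its severity number does not exceed that level; the function names are hypothetical.

```python
import re

# Severity numbers as listed above.
SEVERITY = {"ERROR": 0, "INFO": 1, "DEBUG": 2, "VDEBUG": 3}
# Origin letters from the list above, plus D, E and S from the template file.
ORIGINS = "*CDENPS"


def parse_logflags(flags):
    """Split a LogFlags value such as "*1N0" into {origin: level}."""
    flags = flags.strip().strip('"')
    pairs = re.findall(r"([*A-Z])([0-3])", flags)
    # Every character must belong to an origin/level pair.
    if not pairs or "".join(o + n for o, n in pairs) != flags:
        raise ValueError(f"malformed LogFlags value: {flags!r}")
    levels = {}
    for origin, level in pairs:
        if origin not in ORIGINS:
            raise ValueError(f"unknown origin {origin!r} in {flags!r}")
        levels[origin] = int(level)
    return levels


def is_logged(flags, origin, severity):
    """True if a message of this origin and severity passes the flags."""
    levels = parse_logflags(flags)
    # Assumption: an origin-specific level replaces the "*" level, and
    # "*0" (the documented default) applies when no "*" entry is present.
    threshold = levels.get(origin, levels.get("*", 0))
    return SEVERITY[severity] <= threshold


def debug_origins(flags):
    """Origins set to DEBUG or VDEBUG, which the page warns are noisy."""
    levels = parse_logflags(flags)
    return sorted(o for o, n in levels.items() if n >= SEVERITY["DEBUG"])
```

With "*1N0", informational messages from the protocol handler pass while informational messages from the network transport are dropped.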
- MaxUsers (HP-UX, Linux)
MaxTasks (HP-UX, Linux)
-
The MaxUsers configuration item specifies the maximum
number of TASKIDs. This also limits the number of concurrent eloqcore processes. The default value is 40.
The MaxTasks configuration item specifies the maximum
number of TASKIDs to reserve for "secondary" eloqcore processes.
The default value is 20.
MaxUsers = 40
MaxTasks = 20
- [TLS]
-
The eloqsd server may be configured to accept TLS-encrypted network
connections. JDLG 2.0 can use this to securely communicate over insecure
network (wide area Internet) connections.
In addition, the HTTPS status can be used.
To use TLS communication, a server certificate is needed for the eloqsd
host name. JDLG and web browsers require a certificate which is issued
by a known authority. In particular, the associated root certificate
must be contained in the Java truststore / web browser cert store.
Using TLS requires that OpenSSL version 0.9.8 or newer is installed.
If the JDLG 2.0 tls application configuration attribute is enabled,
network communication between JDLG and the eloqsd server is TLS-encrypted.
In addition, if the
rdlg protocol
is configured, the DLG communication between JDLG and the application is
TLS-encrypted as well.
- [TLS] Enabled
-
If nonzero, TLS communication is enabled and the other configuration
items in the [TLS] section are read.
The default value is 0 (TLS communication disabled).
- [TLS] CertChainFile
-
Absolute path to a file in PEM format containing the server certificate
and optionally any additional intermediate certificates which represent
the verification chain up to the root certificate.
The certificates in this file must be sorted in the verification order,
starting with the server certificate.
The file may in addition contain the private key associated with the
server certificate, in which case the
CertKeyFile configuration
below can be omitted.
- [TLS] CertKeyFile
-
Absolute path to a file in PEM format containing the
private key associated with the server certificate.
If this key is contained in the
CertChainFile above,
configuring CertKeyFile is not necessary.
- [TLS] RequiredFrom
[TLS] OptionalFrom
-
RequiredFrom is used to configure client network addresses which
are required to use secure TLS communication.
Note: This does not affect the
HTTPS status.
If RequiredFrom is configured, OptionalFrom may be used to
configure exceptions for client addresses within the RequiredFrom
address range(s) which are not required to use secure TLS communication.
For example:
RequiredFrom = All
OptionalFrom = [::1]
OptionalFrom = 127.0.0.1
OptionalFrom = 192.168.1.0/24
RequiredFrom / OptionalFrom argument syntax:
{ All | hostname | ip-address [/{addrbits|netmask}] }
- Multiple RequiredFrom / OptionalFrom entries
are recognized and combined.
- hostname is the name of a host or network that is resolved into one
or more ip addresses.
- ip-address is either an IPv4 or IPv6 address.
- An IPv6 address, enclosed in square brackets, such as [::1].
The addrbits option may be used to specify the number of relevant
bits in the IP address.
- An IPv4 address, such as 127.0.0.1. The addrbits option may be used
to specify the number of relevant bits in the IP address.
The netmask option can be used to specify an IPv4 network mask, such as
255.255.255.0.
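To review which clients a RequiredFrom / OptionalFrom set actually forces onto TLS, the added example below (not Eloquence code) evaluates entries written in the syntax above against a client address. It assumes OptionalFrom exceptions win over RequiredFrom, treats host names as an error because resolving them needs DNS, and uses hypothetical function names.

```python
import ipaddress

# The example entries from the documentation above.
REQUIRED_FROM = ["All"]
OPTIONAL_FROM = ["[::1]", "127.0.0.1", "192.168.1.0/24"]


def parse_entry(value):
    """Convert one RequiredFrom/OptionalFrom value into a list of networks."""
    value = value.strip()
    if value.lower() == "all":  # assumption: keyword compared case-insensitively
        return [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
    addr, _, suffix = value.partition("/")
    bracketed = addr.startswith("[") and addr.endswith("]")
    if bracketed:
        addr = addr[1:-1]
    try:
        # strict=False tolerates host bits (192.168.1.7/24). For IPv4 the
        # suffix may be addrbits (24) or a netmask (255.255.255.0).
        text = f"{addr}/{suffix}" if suffix else addr
        net = ipaddress.ip_network(text, strict=False)
    except ValueError:
        raise ValueError(f"{value!r}: host name or malformed address") from None
    # Assumption: this example insists on the documented bracket convention.
    if bracketed != (net.version == 6):
        raise ValueError(f"{value!r}: only IPv6 addresses take square brackets")
    return [net]


def matches(client_ip, entries):
    """True if the address is inside any entry; multiple entries combine."""
    return any(client_ip.version == net.version and client_ip in net
               for value in entries for net in parse_entry(value))


def tls_required(client, required_from, optional_from):
    """True if this client address must use TLS under the given entries."""
    ip = ipaddress.ip_address(client)
    return matches(ip, required_from) and not matches(ip, optional_from)
```

With the documented example entries, every address outside loopback and 192.168.1.0/24 must use TLS, so a wide OptionalFrom range is the setting to review first.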
Changes
The B.08.30 release added support for IPv6 and the https protocol
with TLS encryption.
eloqsd.cfg template file
A default configuration file eloqsd.cfg is installed and may be customized.
A template eloqsd config file is installed as
newconfig/config/eloqsd.cfg.
# @(#) eloqsd.cfg - B.08.40 ($Revision: 29.2 $)
#
# The purpose of this file is to define the eloqsd properties.
# It is installed in the location:
# /etc/opt/eloquence/8.4/eloqsd.cfg
#
# This file is read once at eloqsd startup.
#
# Format:
#
# The section names are not case sensitive. String values can be
# enclosed in double quotes to protect leading or trailing spaces.
# Everything after a hash (#) character is considered a comment.
# Default values are provided commented out.
### Server configuration
[Config]
# Service The service name (as defined in /etc/services)
# or the port number where the server should listen
# for requests. The default value is eloqsd.
#
# A suffix /4, /6, or /46 may be used for establishing IPv4
# only, IPv6 (with implied IPv4) or separate IPv4 and IPv6
# listening sockets. By default, separate IPv4 and IPv6
# sockets are used.
# For example: eloqsd/46
#
# ServiceHttp The service name (as defined in /etc/services)
# or the port number where the server should listen
# for HTTP requests.
# If neither ServiceHttp nor ServiceHttps are specified,
# the HTTP/HTTPS status is disabled.
# A suffix /4, /6, or /46 may be used (see Service above).
#
# ServiceHttps The service name (as defined in /etc/services)
# or the port number where the server should listen
# for HTTPS (secure HTTP) requests.
# This requires that TLS is configured (see below).
# If neither ServiceHttp nor ServiceHttps are specified,
# the HTTP/HTTPS status is disabled.
# A suffix /4, /6, or /46 may be used (see Service above).
#Service = eloqsd
#ServiceHttp =
#ServiceHttps =
# UseKeepAlive Numeric flag if the tcp keep alive socket option is used.
# Valid values are 1 and 0, the default is 1.
# If set the operating system may verify if the client is
# still connected after a system defined time of inactivity.
#UseKeepAlive = 1
# panic This option defines what should happen if a fatal
# error is encountered.
#
# The following options are valid:
# exit Terminate the process. This is the default.
# dump Terminate the process and create a core dump.
#
# This is a problem tracking option. Unless you know what
# you need the coredump for you probably want to stay with
# the default.
#panic = exit
# HTTPUser The eloqsd server is able to display status information by
# supporting the HTTP protocol (you can use Netscape to monitor
# the database server process, see ServiceHttp above).
# If set, the eloqsd HTTP status display will require a
# matching user name (HTTP basic authentication) before
# allowing access to the eloqsd HTTP status. The default value
# is empty.
#
# HTTPPswd If set, the eloqsd HTTP status display will require a
# matching password (HTTP basic authentication) before allowing
# access to the eloqsd HTTP status. The default value is empty.
#HttpUser =
#HttpPswd =
# HTTPFrame If set, no link information is output on the HTTP status
# display. So the status page could be used in a web frame.
# Default value is 0.
#HttpFrame = 0
# Lang This configuration option defines the locale, the
# server should use. The default value is "C".
# The only locale currently supported is "C".
#
# Messages This configuration option defines the language
# for server messages. This value defaults to Lang.
# The only locale currently supported is "C".
#
# Charset This defines the character set encoding, the server
# should use internally.
#
# Valid settings are:
# HPROMAN8 - HP Roman8
# ISO8859/1 - ISO 8859/1
# The default value for HP-UX is HPROMAN8, all other
# platforms default to ISO8859/1.
#
# This setting is used by the server to translate
# client strings like user or file names.
#Lang = C
#Messages = C
#Charset = HPROMAN8
# AuthPolicy This entry specifies, how user names and passwords
# are validated. The following entries are valid:
#
# server - The server will validate passwords
# and user names using eloqsd.user
#
# pam - Users are authenticated through PAM
# (Pluggable Authentication Modules),
# the eloqsd.user configuration is not
# used
#
# The default value is "server".
#
# userFile The path/name of the eloqsd.user file.
# The default value depends on your operating system:
# HP-UX: /etc/opt/eloquence/8.4/eloqsd.user
# Linux: /etc/opt/eloquence/8.4/eloqsd.user
#
# appFile The path/name of the eloqsd.app file.
# The default value depends on your operating system:
# HP-UX: /etc/opt/eloquence/8.4/eloqsd.app
# Linux: /etc/opt/eloquence/8.4/eloqsd.app
#
# shareFile The path/name of the eloqsd.share file.
# The default value depends on your operating system:
# HP-UX: /etc/opt/eloquence/8.4/eloqsd.share
# Linux: /etc/opt/eloquence/8.4/eloqsd.share
#
# pswdFile The path/name of the eloqsd.pswd file.
# The default value depends on your operating system:
# HP-UX: /etc/opt/eloquence/8.4/eloqsd.pswd
# Linux: /etc/opt/eloquence/8.4/eloqsd.pswd
#AuthPolicy = server
#userFile = /etc/opt/eloquence/8.4/eloqsd.user
#appFile = /etc/opt/eloquence/8.4/eloqsd.app
#shareFile = /etc/opt/eloquence/8.4/eloqsd.share
#pswdFile = /etc/opt/eloquence/8.4/eloqsd.pswd
# DefaultUID The default name (or numeric id) of the system account
# to run client processes as, unless a different setting
# is provided for the user.
#
# DefaultGID The default name (or numeric id) of the system group
# to run client processes as, unless a different setting
# is provided for the user.
DefaultUID = eloqsd
DefaultGID = eloqsd
# LogFile This defines where log messages are written to.
# This configuration value either specifies a path/file
# or one of the keywords below:
#
# console - log messages are written to the console
# syslog - log messages will be sent to the
# syslog daemon
#
# The default value is "syslog".
#LogFile = syslog
# SysIdent When logging to the syslog daemon, you can define
# a syslog identifier. Default is eloqsd.
# See syslogd(1M) for more information
#
# SysFacility When logging to the syslog daemon, you can define
# a syslog facility (USER/DAEMON/LOCAL0..LOCAL7)
# The default setting is "USER".
# See syslogd(1M) for more information
#SysIdent = eloqsd
#SysFacility = USER
# LogFlags Each log message has an associated origin and
# severity. The log flags define, which messages will
# be logged. The "*" origin matches all message origins,
# so it can be used to setup a default which can be
# overridden for a specific message origin (eg. "*1N0"):
# Default LogFlags are "*0"
#
# The following origins are in use:
# * = All origins
# C = Configuration subsystem
# D = Directory utilities (eloqsd.share)
# E = Program execution
# N = Network transport
# P = Protocol handling
# S = Server framework
#
# The following severities are in use:
# L_ERROR = 0 - error messages
# L_INFO = 1 - information
# L_DEBUG = 2 - debug
# L_VDEBUG = 3 - verbose debug
#
# When using syslog, the following priorities
# are mapped:
# L_ERROR = LOG_ERR
# L_INFO = LOG_NOTICE
# L_DEBUG = LOG_DEBUG
# L_VDEBUG = LOG_DEBUG
#
# Enabling log messages with L_DEBUG or L_VDEBUG severity
# may result in a huge number of log messages.
# To enable only fatal messages, you would want to set the
# LogFlags to "*0", to enable regular log messages you
# would want to set the LogFlags to "*1"
#LogFlags = *0
# Configuration items below are the more traditional eloqsd
# settings.
#
# MaxUsers Maximum number of eloqcore processes on the local
# system. The default value is 40.
#
# MaxTasks Maximum number of TASKIDs to reserve for "secondary"
# eloqcore processes. If you don't know what this is good
# for, you probably don't need it :-)
# The default value is 20
#
#MaxUsers = 40
#MaxTasks = 20
### Configure secure TLS (Transport Layer Security) communication
# The section below may be configured so that supported clients
# such as Eloquence JDLG can use TLS-encrypted communication over
# insecure (i.e., wide area Internet) network connections.
# In addition, the HTTPS status can be used (see above).
#
# To use TLS communication, a server certificate is needed for the
# eloqsd host name. JDLG and web browsers require a certificate which
# is issued by a known authority. In particular, the associated root
# certificate must be contained in the Java truststore / web browser
# cert store.
#
# Using TLS requires that OpenSSL version 0.9.8 or newer is installed.
[TLS]
# Enabled If nonzero, TLS communication is enabled and the
# configuration items below are read.
# The default value is 0 (TLS communication disabled).
#Enabled = 0
# CertChainFile Absolute path to a file in PEM format containing the
# server certificate and optionally any additional
# intermediate certificates which represent the
# verification chain up to the root certificate.
# The certificates in this file must be sorted in the
# verification order, starting with the server certificate.
# The file may in addition contain the private key
# associated with the server certificate, in which case
# the CertKeyFile configuration below can be omitted.
#CertChainFile =
# CertKeyFile Absolute path to a file in PEM format containing the
# private key associated with the server certificate.
# If this key is contained in the CertChainFile above,
# configuring CertKeyFile is not necessary.
#CertKeyFile =
# RequiredFrom Used to configure client network addresses which
# are required to use secure TLS communication.
# Note: This does not affect the HTTPS status.
#
# OptionalFrom If RequiredFrom is configured, OptionalFrom may
# be used to configure exceptions for client addresses
# within the RequiredFrom address range(s) which are
# not required to use secure TLS communication.
#
# For example: RequiredFrom = All
# OptionalFrom = [::1]
# OptionalFrom = 127.0.0.1
# OptionalFrom = 192.168.1.0/24
#
# RequiredFrom/OptionalFrom argument syntax:
#
# { All | hostname | ip-address [/{addrbits|netmask}] }
#
# Multiple RequiredFrom/OptionalFrom entries are
# recognized and combined.
#
# hostname is the name of a host or network that is
# resolved into one or more ip addresses.
#
# ip-address is either an IPv4 or IPv6 address.
#
# * An IPv6 address, enclosed in square brackets, such
# as [::1]. The addrbits option may be used to specify
# the number of relevant bits in the IP address.
#
# * An IPv4 address, such as 127.0.0.1. The addrbits
# option may be used to specify the number of relevant
# bits in the IP address. The netmask option can be used to
# specify an IPv4 network mask, such as 255.255.255.0.
#RequiredFrom =
#OptionalFrom =
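A customized copy of this file can be checked for the settings that matter most for exposure. The added example below (not Eloquence code) parses text in the eloqsd.cfg format and reports findings for the HTTP status, [TLS] and panic items described on this page. The finding codes and function names are hypothetical, item names are assumed to be case insensitive like section names, and the sample configuration is constructed.

```python
def strip_comment(line):
    """Cut a line at the first hash (#) that is not inside double quotes."""
    quoted = False
    for i, ch in enumerate(line):
        if ch == '"':
            quoted = not quoted
        elif ch == "#" and not quoted:
            return line[:i]
    return line


def parse_cfg(text):
    """Return {section: {item: [values]}} with lowercased names."""
    cfg, section = {}, ""
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # quotes protect leading/trailing spaces
            cfg.setdefault(section, {}).setdefault(key.lower(), []).append(value)
    return cfg


def audit(text):
    """Return finding codes for the HTTP status, TLS and panic settings."""
    cfg = parse_cfg(text)
    main, tls = cfg.get("config", {}), cfg.get("tls", {})

    def last(items, key):
        return items.get(key, [""])[-1]

    http, https = last(main, "servicehttp"), last(main, "servicehttps")
    user, pswd = last(main, "httpuser"), last(main, "httppswd")
    enabled = last(tls, "enabled")
    tls_on = enabled.isdigit() and int(enabled) != 0  # "If nonzero"
    findings = []
    if (http or https) and not (user and pswd):
        findings.append("STATUS_AUTH_INCOMPLETE")  # both default to empty
    if http and (user or pswd):
        findings.append("STATUS_AUTH_CLEARTEXT")   # basic auth over plain HTTP
    if https and not tls_on:
        findings.append("HTTPS_WITHOUT_TLS")       # ServiceHttps needs [TLS]
    if tls_on and not last(tls, "certchainfile"):
        findings.append("TLS_NO_CERT")
    if tls_on and not tls.get("requiredfrom"):
        findings.append("TLS_NOT_REQUIRED")        # no client is forced to TLS
    if last(main, "panic").lower() == "dump":
        findings.append("CORE_DUMP_ENABLED")       # page advises the default
    return findings


# Constructed sample; the port, user name and path are placeholders.
SAMPLE = """
[Config]
ServiceHttp = 8080          # status page on plain HTTP
HttpUser = "status # 1"
panic = dump
[tls]
Enabled = 1
CertChainFile = /path/to/chain.pem
"""
```

Run `audit()` on the contents of the deployed file; the template as shipped, with only DefaultUID and DefaultGID active, yields no findings.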