DSL syntax: system authentication store

The scripts that you can use with the SystemAuthenticationControl feature to update the system authentication store are formatted according to a domain-specific language (DSL). You can use the script builders provided in the APIs to create a script to update the system authentication store. However, if you want to create the script by some other method, ensure that it conforms to the DSL.

Note: Instead of editing the SystemAuthentication.store file directly, you should use a client to update the system authentication store information.

The following sections each describe the syntax for a single line of the file.

Adding a principal

Railroad diagram
A railroad diagram that describes the syntax used to add a principal to the system authentication store: ADD PRINCIPAL principal password. This can, optionally, be followed by a comma-separated list of roles inside square brackets.
Backus-Naur form
add principal " principal_name " " password " [ '[' " role " [ , " role " ] ']' ]
Example
add principal "user6" "passw0rd"
add principal "user13" "passw0rd" ["CLIENT", "TOPIC_CONTROL"]

The password is passed in as plain text, but is stored in the system authentication store as a secure hash.

Removing a principal

Railroad diagram
A railroad diagram that describes the syntax used to remove a principal from the system authentication store: REMOVE PRINCIPAL principal.
Backus-Naur form
remove principal " principal_name "
Example
remove principal "user25"

Assigning roles to a principal

Railroad diagram
A railroad diagram that describes the syntax used to assign roles to a principal in the system authentication store: ASSIGN ROLES principal, followed by a comma-separated list of roles inside square brackets.
Backus-Naur form
assign roles " principal_name " '[' " role " [ , " role " ] ']'
Example
assign roles "agent77" ["CLIENT", "CLIENT_CONTROL"]

When you use this command to assign roles to a principal, it overwrites any existing roles assigned to that principal. Ensure that all the roles you want the principal to have are listed in the command.

Setting the password for a principal

Railroad diagram
A railroad diagram that describes the syntax used to set the password of a principal in the system authentication store: SET PASSWORD principal password.
Backus-Naur form
set password " principal_name " " password "
Example
set password "user1" "passw0rd"

The password is passed in as plain text, but is stored in the system authentication store as a secure hash.

Verifying the password for a principal

Railroad diagram
A railroad diagram that describes the syntax used to verify the password of a principal in the system authentication store: VERIFY PASSWORD principal password.
Backus-Naur form
verify password " principal_name " " password "
Example
verify password "user1" "passw0rd"

The password is passed in as plain text, but is stored in the system authentication store as a secure hash.

Allowing anonymous connections

Railroad diagram
A railroad diagram that describes the syntax used to tell the system authentication handler to allow anonymous connections: ALLOW ANONYMOUS CONNECTIONS. This can, optionally, be followed by a comma-separated list of roles inside square brackets.
Backus-Naur form
allow anonymous connections [ '[' " role " [ , " role " ] ']' ]
Example
allow anonymous connections [ "CLIENT" ]

Denying anonymous connections

Railroad diagram
A railroad diagram that describes the syntax used to tell the system authentication handler to deny anonymous connections: DENY ANONYMOUS CONNECTIONS.
Backus-Naur form
deny anonymous connections
Example
deny anonymous connections

Abstaining from providing a decision about anonymous connections

Railroad diagram
A railroad diagram that describes the syntax used to tell the system authentication handler to abstain from decisions about anonymous connections: ABSTAIN ANONYMOUS CONNECTIONS.
Backus-Naur form
abstain anonymous connections
Example
abstain anonymous connections
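
The line forms described above can be checked before a script is sent to the server. The following validator is an added example, not the product's own parser or script builder: it accepts exactly the eight line forms on this page and notes the lines a reviewer should look at (role overwrites, plain-text passwords in the script, roles given to anonymous connections). Assumptions: keywords are lowercase as in the page's examples, quoted values contain no escaped quotes, blank lines are ignored, and the names parse_line, review and SAMPLE are hypothetical.

```python
import re

STR = r'"([^"]*)"'  # assumption: no escaped quotes inside a quoted value
ROLES = r'\[\s*("[^"]*"(?:\s*,\s*"[^"]*")*)\s*\]'
# keywords -> (number of quoted arguments, role list: None/"optional"/"required")
FORMS = {
    "add principal": (2, "optional"),
    "remove principal": (1, None),
    "assign roles": (1, "required"),
    "set password": (2, None), "verify password": (2, None),
    "allow anonymous connections": (0, "optional"),
    "deny anonymous connections": (0, None), "abstain anonymous connections": (0, None),
}

def parse_line(line):
    """Return (keywords, quoted_args, roles) or raise ValueError."""
    for keywords, (nargs, roles) in FORMS.items():
        pattern = r"\s+".join(keywords.split()) + (r"\s+" + STR) * nargs
        if roles:
            pattern += rf"(?:\s*{ROLES})" + ("?" if roles == "optional" else "")
        m = re.fullmatch(pattern, line.strip())
        if m:
            body = m.group(nargs + 1) if roles else None
            return keywords, list(m.groups()[:nargs]), re.findall(STR, body or "")
    raise ValueError(f"not a valid store script line: {line!r}")

def review(script):
    commands, notes = [], []  # parsed lines, and notes for a human reviewer
    for n, line in enumerate(script.splitlines(), 1):
        if not line.strip():
            continue  # assumption: blank lines are ignored
        cmd, args, roles = parse_line(line)
        commands.append((cmd, args, roles))
        if cmd == "assign roles":  # overwrites existing roles, per the page
            notes.append(f"line {n}: roles of {args[0]} replaced by {roles}")
        elif cmd in ("add principal", "set password", "verify password"):
            notes.append(f"line {n}: plain-text password for {args[0]} in script")
        elif cmd == "allow anonymous connections":
            notes.append(f"line {n}: anonymous connections get roles {roles}")
    return commands, notes

# Constructed sample, built from the page's own example lines.
SAMPLE = '''add principal "user13" "passw0rd" ["CLIENT", "TOPIC_CONTROL"]
assign roles "agent77" ["CLIENT", "CLIENT_CONTROL"]
allow anonymous connections [ "CLIENT" ]
deny anonymous connections'''

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)[1]))
```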