Expand Collapse
Just a second...

DSL syntax: system authentication store

The scripts that you can use with the SystemAuthenticationControl feature to update the system authentication store are formatted according to a domain-specific language (DSL). You can use the script builders provided in the APIs to create a script to update the system authentication store. However, if you want to create the script by some other method, ensure that it conforms to the DSL.

The following sections each describe the syntax for a single line of the file.

Adding a principal

Railroad diagram
A railroad diagram that describes the syntax used to add a principal to the system authentication store: ADD PRINCIPAL principal password. This can, optionally, be followed by a comma-separated list of roles inside square brackets.
Backus-Naur form
add principal " principal_name " " password " [ '[' " role " [ , " role " ] ']' ]
Example 
add principal "user6" "passw0rd"
add principal "user13" "passw0rd" ["CLIENT", "TOPIC_CONTROL"]

The password is passed in as plain text, but is stored in the system authentication store as a secure hash.

Removing a principal

Railroad diagram
A railroad diagram that describes the syntax used to remove a principal from the system authentication store: REMOVE PRINCIPAL principal.
Backus-Naur form
remove principal " principal_name "
Example 
remove principal "user25"

Assigning roles to a principal

Railroad diagram
A railroad diagram that describes the syntax used to assign roles to a principal in the system authentication store: ASSIGN ROLES principal, followed by a comma-separated list of roles inside square brackets.
Backus-Naur form
assign roles " principal_name " '[' " role " [ , " role " ] ']'
Example 
assign roles "agent77" ["CLIENT", "CLIENT_CONTROL"]

When you use this command to assign roles to a principal, it overwrites any existing roles assigned to that principal. Ensure that all the roles you want the principal to have are listed in the command.

Setting the password for a principal

Railroad diagram
A railroad diagram that describes the syntax used to set the password of a principal in the system authentication store: SET PASSWORD principal password.
Backus-Naur form
set password " principal_name " " password "
Example 
set password "user1" "passw0rd"

The password is passed in as plain text, but is stored in the system authentication store as a secure hash.

Verifying the password for a principal

Railroad diagram
A railroad diagram that describes the syntax used to verify the password of a principal in the system authentication store: VERIFY PASSWORD principal password.
Backus-Naur form
verify password " principal_name " " password "
Example 
verify password "user1" "passw0rd"

The password is passed in as plain text, but is stored in the system authentication store as a secure hash.

Allowing anonymous connections

Railroad diagram
A railroad diagram that describes the syntax used to tell the system authentication handler to allow anonymous connections: ALLOW ANONYMOUS CONNECTIONS. This can, optionally, be followed by a comma-separated list of roles inside square brackets.
Backus-Naur form
allow anonymous connections [ '[' " role " [ , " role " ] ']' ]
Example 
allow anonymous connections [ "CLIENT" ]

Denying anonymous connections

Railroad diagram
A railroad diagram that describes the syntax used to tell the system authentication handler to deny anonymous connections: DENY ANONYMOUS CONNECTIONS.
Backus-Naur form
deny anonymous connections
Example 
deny anonymous connections

Abstaining from providing a decision about anonymous connections

Railroad diagram
A railroad diagram that describes the syntax used to tell the system authentication handler to abstain from decisions about anonymous connections: ABSTAIN ANONYMOUS CONNECTIONS.
Backus-Naur form
abstain anonymous connections
Example 
abstain anonymous connections

This page last modified: 2018/10/28