klamerus |
Posted: Thu Sep 07, 2006 2:52 am Post subject: Security Configuration |
|
|
 Disciple
Joined: 05 Jul 2004 Posts: 199 Location: Detroit, MI
|
Here's a scenario.
I do a lot of self-help/training/tinkering on my laptop, which is Win XP.
That's pretty limiting, so I have VMWare installed and have guest OSs including Linux, Windows 2003 and Vista.
I've got MQ and SQL Server and Oracle and other packages installed on the Win 2003.
I can develop against this, but since neither sits in the same domain as the other I have to provide security information with this tinkering. For instance, I need to pass along the username/domain and password for connecting to SQL Server.
I can't find a way to set up MQ to support this. Does anyone have an example of how they would set up any server (not necessarily my situation) and also code (I'm using VB.Net) that provides user and password credentials that will allow me to connect to the queue manager I'm running? It seems that whatever I do, I'm rejected by the security.
Thanks,
Mark |
fjb_saper |
Posted: Sat Sep 30, 2006 5:35 am Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
Have you looked at setting the security on the DCom / DCom + objects?
What did you try?
What does the M$ knowledge base tell you to do? I am sure if you search right, the topic has already been covered in one of the M$ forums... 'cause it can't be that unique... _________________ MQ & Broker admin |
RogerLacroix |
Posted: Sat Sep 30, 2006 8:09 am Post subject: Re: Security Configuration |
|
|
 Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
|
klamerus wrote: |
Does anyone have an example of how they would set up any server (not necessarily my situation) and also code (I'm using VB.Net) that provides user and password credentials that will allow me to connect to the queue manager I'm running? It seems that whatever I do, I'm rejected by the security. |
MQ (standard package) does not support UserId and Password authentication against a queue manager. For VB.NET, the MQ client libraries will pick up your current UserId and make the connection with it.
If you want a full authenticating solution for MQ then I suggest you have a look at MQ Authenticate User Security Exit:
http://www.capitalware.biz/mqausx_overview.html
If you would like a free 30-day trial then drop me an email.
Regards,
Roger Lacroix
Capitalware Inc. _________________ Capitalware: Transforming tomorrow into today.
Connected to MQ! |
klamerus |
Posted: Sun Oct 01, 2006 5:07 pm Post subject: |
|
|
 Disciple
Joined: 05 Jul 2004 Posts: 199 Location: Detroit, MI
|
I was beginning to think this last statement might be true.
Given I'm connecting to the server from a client that doesn't share the same domain, it seems like I need to configure the MQ manager to accept incoming requests from anyone, anywhere.
How would I set up the server to accept requests like this? |
jefflowrey |
Posted: Sun Oct 01, 2006 6:02 pm Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
Configure SSL and set an MCAUser on the svrconn.
Or buy WebSphere MQ Extended Security Edition. Or Roger's software. _________________ I am *not* the model of the modern major general. |
klamerus |
Posted: Mon Oct 02, 2006 2:29 am Post subject: |
|
|
 Disciple
Joined: 05 Jul 2004 Posts: 199 Location: Detroit, MI
|
What I meant was: what group do I need to add to the queue manager security to allow for the anyone/anywhere to attach and put messages?
It seems to me that I've tried the everyone account and that isn't sufficient. I'm not sure if I need to allow guest or what. |
jefflowrey |
Posted: Mon Oct 02, 2006 2:40 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
Okay, let's be straight. This is just for development, right? Not for production?
Then set the MCA user on the channel to a user in the correct domain.
You can't really configure MQ to run on Windows and go out and ask a Unix server if someone is a valid user on that machine, nor run on Unix and ask a Windows domain if someone is a valid user in that domain. That's really way outside the scope of the OAM - and you will have the same problems with SQLServer and MySQL and Oracle and etc.
If you're dealing strictly with Windows security domains, then you can have MQ handle that - but it's entirely a domain security configuration problem and not an MQ problem. The domains have to trust each other, and various kinds of permissions need to be granted to the MQ service user and etc. etc. _________________ I am *not* the model of the modern major general. |
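The setup suggested in the replies above (SSL on the channel plus an MCAUSER on the SVRCONN), written out as an added example that is not from any poster in this thread. The names QM1, DEV.SVRCONN, DEV.Q1, mqdev and the SSLPEER value are hypothetical, and the script assumes the queue manager's SSL key repository and certificate are already in place.

```mqsc
* Added example, not from the thread. QM1, DEV.SVRCONN, DEV.Q1, mqdev and the
* SSLPEER value are hypothetical names.
* Assumption: mqdev is a local, non-administrative account on the MQ server
* (not a member of the mqm group), so the channel cannot be used to
* administer the queue manager.
*
* Run this file on the server:   runmqsc QM1 < dev_svrconn.mqsc

DEFINE QLOCAL(DEV.Q1) REPLACE

* Every connection on this channel runs as mqdev, whatever user ID the
* client presents. SSLCAUTH and SSLPEER restrict which clients can reach
* that identity: only a client presenting a certificate whose DN matches
* SSLPEER is accepted.
* The CipherSpec is an assumption; use one your MQ version supports and
* set the same value on the client side of the channel.
DEFINE CHANNEL(DEV.SVRCONN) CHLTYPE(SVRCONN) TRPTYPE(TCP) +
       MCAUSER('mqdev') +
       SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA) +
       SSLCAUTH(REQUIRED) +
       SSLPEER('CN=dev-laptop,O=Example') +
       REPLACE

* Pick up any key repository changes, then confirm the channel settings.
REFRESH SECURITY TYPE(SSL)
DISPLAY CHANNEL(DEV.SVRCONN) MCAUSER SSLCIPH SSLCAUTH SSLPEER

* OAM grants are made outside runmqsc, from a command prompt on the server,
* after the queue exists. Grant only what the test client needs:
*   setmqaut -m QM1 -t qmgr -p mqdev +connect +inq
*   setmqaut -m QM1 -n DEV.Q1 -t queue -p mqdev +put +get +browse +inq
* Verify with:
*   dspmqaut -m QM1 -n DEV.Q1 -t queue -p mqdev
```

Without SSLCAUTH and SSLPEER, anyone who can reach the listener port gets whatever authority mqdev holds, which is why the account is kept out of the mqm group and granted access to one queue only.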