| Author |
Message
|
| RAJESHRAMAKRISHNAN |
 Posted: Thu Jul 01, 2004 1:56 am Post subject: MQ Client Security |
 |
|
Voyager
Joined: 01 May 2004
Posts: 96
|
| I want to implement Security exit for an MQ Client. Is it possible to implement this if the client is just using MQSERVER environment variable and not the CHLTAB file. |
|
| Back to top |
|
 |
| JasonE |
| Posted: Thu Jul 01, 2004 3:57 am Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
Only on ther server SVRCONN end... (And you can run with an exit just on the server side if you want, I believe)
The security exit is part of the MQCD, so using the implicit method of generating a CLNTCONN (ie MQSERVER) just gives you an MQCD with default attributes, and no security exit |
|
| Back to top |
|
|
| oz1ccg |
| Posted: Fri Jul 02, 2004 2:17 am Post subject: |
|
|
Yatiri
Joined: 10 Feb 2002
Posts: 628
Location: Denmark
|
I've developed BlockIP to help secure channels including SVRCONN, you should take a look on it...
http://www.mrmq.dk/BlockIP.htm
You can configure it in 10 secs (win+linux) or after compilation on other platforms. There are an GA version and a Beta (very near GA), today I would try the Beta, it's working ok. 
I guess it do something like 80% of whant you need regaring security... 
Just my $0.02
_________________
Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
|
| Back to top |
|
|
| RAJESHRAMAKRISHNAN |
| Posted: Sun Jul 04, 2004 6:25 pm Post subject: |
|
|
Voyager
Joined: 01 May 2004
Posts: 96
|
|
| Back to top |
|
|
| awatson72 |
| Posted: Fri Jul 09, 2004 7:36 am Post subject: |
|
|
Acolyte
Joined: 14 Apr 2004
Posts: 69
Location: Freeport, Maine
|
Has anyone been able to get the BlockIP exit to work on a QM that lives on AIX?
When the exit executes, I get the following in the log:
____
AMQ6175: The system could not dynamically load the library
/var/mqm/exits/BlockIP2. The error message was 0509-022 Cannot load module
/var/mqm/exits/BlockIP2.
0509-108 The .loader section does not exist.. The
queue manager will continue without this module.
____
A compliation problem perhaps?
_________________
Andrew Watson
L.L. Bean, Inc. |
|
| Back to top |
|
|
| Michael Dag |
| Posted: Fri Jul 09, 2004 9:48 am Post subject: |
|
|
Jedi Knight
Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)
|
| awatson72 wrote: |
Has anyone been able to get the BlockIP exit to work on a QM that lives on AIX?
|
Yup! look in the source for compilation instructions
(I tested them on AIX 5.2 with MQ 5.3)
_________________
Michael
MQSystems Facebook page |
|
| Back to top |
|
|
| awatson72 |
| Posted: Fri Jul 09, 2004 10:28 am Post subject: |
|
|
Acolyte
Joined: 14 Apr 2004
Posts: 69
Location: Freeport, Maine
|
Thanks Michael, I should have gone into more detail in my original post...
I did in fact read those comments in the source and attempted to run:
cc -G -I/usr/include -I/usr/mqm/inc -L/usr/mqm/lib -o BlockIP2 BlockIP2.c
(cc is soft-linked to gcc for some reason)
However, I got an error stating:
unrecognized option '-G'
When I replaced the -G with a -c, it compiled without errors. But the exit failed as described. Not knowing much about C compilers, I can speculate that the -G switch might be a neccessity, even though no errors are reported by the compiler.
Any thoughts on that? many thanks.
_________________
Andrew Watson
L.L. Bean, Inc. |
|
| Back to top |
|
|
| Michael Dag |
| Posted: Fri Jul 09, 2004 10:50 am Post subject: |
|
|
Jedi Knight
Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)
|
to tell you the truth, I am no C expert either and got this working in trail on error mode 
Do you have a system with IBM C compiler installed?
I am sure I use IBM C instead of gcc on AIX!
_________________
Michael
MQSystems Facebook page |
|
| Back to top |
|
|
| awatson72 |
| Posted: Mon Jul 12, 2004 10:55 am Post subject: |
|
|
Acolyte
Joined: 14 Apr 2004
Posts: 69
Location: Freeport, Maine
|
FYI for anyone interested - I got this working by recompiling using the syntax for the GCC compiler on Linux since we aren't using cc. More than I ever wanted to know about c compilers.
_________________
Andrew Watson
L.L. Bean, Inc. |
|
| Back to top |
|
|
|
|
