ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Performance Monitoring » MO71 problem

Post new topic  Reply to topic Goto page Previous  1, 2
 MO71 problem « View previous topic :: View next topic » 
Author Message
Twilight
PostPosted: Wed Aug 31, 2005 9:18 am    Post subject: Reply with quote

Apprentice

Joined: 04 Aug 2004
Posts: 49
RogerLacroix wrote:
Since you are asking how to break the security mechanism, why don't you ask it as such?

If Ye had searched, then Ye would have found:
http://www.mqseries.net/phpBB2/viewtopic.php?t=21782

Regards,
Roger Lacroix
Capitalware Inc.

Roger,
After more research, I'll make Client user exit that get a user entered MF userid/pswd and encrypted, pass to MF RACF to verify it before connected.
MF exit will set MCAuser with client entered userid that is verified by RACF to process a request.
Also, we have MQ security setup to preventing acess MQ commands already.
Thanks.
_________________
WMQ/WMQI/WBI Consultant
Toronto, Canada
Back to top
View user's profile Send private message
RogerLacroix
PostPosted: Wed Aug 31, 2005 7:52 pm    Post subject: Reply with quote

Jedi Knight

Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
Hi,
Quote:
I'll make Client user exit that get a user entered MF userid/pswd and encrypted, pass to MF RACF to verify it before connected.
MF exit will set MCAuser with client entered userid that is verified by RACF to process a request.

Well, that is the politically correct answer, if some from your company is watching but that is not what you were asking.

That 'dummy' exit I pointed you to will cause the client-side MQ libraries to not set the UserID. This will cause you to have full access to the remote queue manager on z/OS. Read my posting here a few times and you will understand why:
http://www.mqseries.net/phpBB2/viewtopic.php?t=17842

Now that you have read it, you will understand why this statement cannot possibly be true:
Quote:
Also, we have MQ security setup to preventing acess MQ commands already.

If you don't believe me download MQ Visual Edit and connect to your z/OS queue manager (leave the UserID blank). If the 'List' button on the Open Queue panel works then you have MQ Admin rights.

Now if you still want to create a z/OS MQ security exit and a Windows client-side security exit AND learn about the good, bad & ugly of cryptology, be my guess, but make sure your boss knows what you are up to. Because you will be spending hundreds if not thousands of hours on this project. I know this from first hand experience.

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic  Reply to topic Goto page Previous  1, 2 Page 2 of 2

MQSeries.net Forum Index » IBM MQ Performance Monitoring » MO71 problem
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.