Author |
Message |
Topic: QMgr-to-QMgr security |
Api123
Replies: 28 Views: 27600
|
Forum: IBM MQ Security Posted: Thu Aug 19, 2010 9:41 am Subject: QMgr-to-QMgr security |
It’s all working now.
For the benefit of all that visit mqseries.net, please explain how you resolved this.
Here it is:
Objective described:
Api123
Posted: Mon Aug 16, 2010 9:27 am ... |
Topic: QMgr-to-QMgr security |
Api123
Replies: 28 Views: 27600
|
Forum: IBM MQ Security Posted: Thu Aug 19, 2010 7:01 am Subject: QMgr-to-QMgr security |
The POC environment we are testing on is Windows. In this post any time mqm was mentioned, it’s a Windows group that by default has a higher set of privileges on WMQ objects. Any time a user was mentione ... |
Topic: QMgr-to-QMgr security |
Api123
Replies: 28 Views: 27600
|
Forum: IBM MQ Security Posted: Wed Aug 18, 2010 12:00 pm Subject: QMgr-to-QMgr security |
The MCA is just another WMQ application - a process, a daemon. It uses the same MQI calls that any other application would use.
The MCA process needs an identity, a username/userid. It may take o ... |
Topic: QMgr-to-QMgr security |
Api123
Replies: 28 Views: 27600
|
Forum: IBM MQ Security Posted: Wed Aug 18, 2010 11:30 am Subject: QMgr-to-QMgr security |
I strongly suggest that you refer to the WMQ INTERCOMMUNICATIONS manual, where PUTAUT and other channel attributes are explained.
Thanks. I think it's page 94 of WebSphere MQ: Intercommunication |
Topic: QMgr-to-QMgr security |
Api123
Replies: 28 Views: 27600
|
Forum: IBM MQ Security Posted: Wed Aug 18, 2010 10:50 am Subject: QMgr-to-QMgr security |
What does this mean? What is getting replaced and with what?
If ABC123 is the MCAUSER defined for a RCVR channel with PUTAUT(CTX). User ABC100 tries to put a message via that channel what happens? Ca ... |
Topic: QMgr-to-QMgr security |
Api123
Replies: 28 Views: 27600
|
Forum: IBM MQ Security Posted: Wed Aug 18, 2010 9:42 am Subject: QMgr-to-QMgr security |
the message put should be rejected as the MCAUSER on the RCVR channel will only allow ABC123 who is not a member of the mqm or the Administrators group within that domain.
NO.
MCAUSER replaces ... |
Topic: QMgr-to-QMgr security |
Api123
Replies: 28 Views: 27600
|
Forum: IBM MQ Security Posted: Wed Aug 18, 2010 9:09 am Subject: QMgr-to-QMgr security |
And now anyone on QM2 can create a message with mqm in the MQMD Header and send to any queue they want on QM1. Don't use PUTAUT(CONTEXT) unless you have complete control of QM2 and everyone and anyone ... |
Topic: QMgr-to-QMgr security |
Api123
Replies: 28 Views: 27600
|
Forum: IBM MQ Security Posted: Tue Aug 17, 2010 6:23 am Subject: QMgr-to-QMgr security |
You guys are a real help. Thanks All
Thanks Roger,
Indeed PUTAUT was set to (DEF)
Now I receive the expected errors at
QM1:
AMQ9544: Messages not put to destination queue.
QM2:
AMQ8077: Entity 'te ... |
Topic: QMgr-to-QMgr security |
Api123
Replies: 28 Views: 27600
|
Forum: IBM MQ Security Posted: Mon Aug 16, 2010 11:53 am Subject: QMgr-to-QMgr security |
Still I can put messages with other users than the one defined on RCVR channel. What are the possibilities that MCAUSER on RCVR channel is deemed ineffective? |
Topic: QMgr-to-QMgr security |
Api123
Replies: 28 Views: 27600
|
Forum: IBM MQ Security Posted: Mon Aug 16, 2010 11:16 am Subject: QMgr-to-QMgr security |
I'll double check the configuration assuming MCAUSER on SVRCONN and RCVR channel is identical |
Topic: QMgr-to-QMgr security |
Api123
Replies: 28 Views: 27600
|
Forum: IBM MQ Security Posted: Mon Aug 16, 2010 9:27 am Subject: QMgr-to-QMgr security |
Hi All,
The objective is allowing only the defined MCAUSER on inbound MCA channel (RCVR) to put messages on a queue.
QM1: I’ve set MCAUSER on an inbound MCA channel (RCVR). Used setmqaut to give ... |
Topic: Named Properties with the Message data |
Api123
Replies: 3 Views: 6421
|
Forum: IBM MQ API Support Posted: Fri Aug 06, 2010 12:55 pm Subject: Named Properties with the Message data |
Thanks Victor, This would make lots of sense. Since originally the developer was developing with JMS. Excellent |
Topic: Named Properties with the Message data |
Api123
Replies: 3 Views: 6421
|
Forum: IBM MQ API Support Posted: Fri Aug 06, 2010 10:39 am Subject: Named Properties with the Message data |
Hi All,
I’ve been struggling with this for a couple of days, I hope someone will shed some light on this. We have Java client connecting to our MQ server 7.x over a VPN. (All Windows platform). When ... |
Topic: Disable the Administrator group |
Api123
Replies: 24 Views: 24923
|
Forum: IBM MQ Security Posted: Fri Jun 18, 2010 1:29 pm Subject: Disable the Administrator group |
What I’m learning is:- With no MCAuser (enough has been said about MCAuser on this forum - good & bad). And the strange design of allowing a user to login with just because the user name is adminis ... |
Topic: Disable the Administrator group |
Api123
Replies: 24 Views: 24923
|
Forum: IBM MQ Security Posted: Fri Jun 18, 2010 12:54 pm Subject: Disable the Administrator group |
This is unbelievable?
What is unbelievable is that you've not set MCAUser on the channel.
Vitor. Did you really read my last post?
Yes - you clearly said
in the absence of security exists, ... |