| Author |
Message
|
| tapak |
 Posted: Thu Aug 31, 2006 7:11 am Post subject: Configure MQ Server to authorize client connections |
 |
|
Centurion
Joined: 26 Oct 2005
Posts: 149
Location: Hartford,CT
|
I need to configure MQ Servers in a network to authenticate client users from different platforms with userid and password.
I see with Blockip , you can secure access based on userids and ipaddress . But it doesnt validate the password. Is there any other tools available in the market which authorize userids and passwords.
My other option is to write a security exit which authenticate and authorize based on values stored in a server . In that case I need to store the userids and passwords in a database , ldap server or a file .
A file is easier to maintain , but I guess I have to encrypt the password in the file with strong encryption . Do you thing it is a good way to do it.
Second option is to store in a ldap server . In that case I need to have ldap server in all mq machines where I need authorization .But the encrytpion facilities will be done by the ldap provider.Or is it there a way to do differently . I can have a single ldap global ldap server .But in that case I will be depending upon the network connection to the ldap server.
What are the free ldap servers which are supported in different platforms . mainly windows and solaris.
Third option is to use a database .But I guess an ldap server is faster than using a database.
Let me know if you know any other way of doing it.
Any inputs are appreciated . |
|
| Back to top |
|
 |
| jefflowrey |
| Posted: Thu Aug 31, 2006 7:18 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
You can use SSL which comes with the product. Then you can provide a keyring to each user, and that will authenticate them.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| tapak |
| Posted: Thu Aug 31, 2006 9:59 am Post subject: |
|
|
Centurion
Joined: 26 Oct 2005
Posts: 149
Location: Hartford,CT
|
Using SSL is avery good option for more security .
I guess , that means the user has to install the key ring for each application .Any idea of performancece difference of using SSL , comparing to having a security exit which validates a userid and pwd. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Thu Aug 31, 2006 10:11 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
I'd say it depends on the security exit.
You can also look at WebSphere MQ Extended Security edition.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Thu Aug 31, 2006 8:37 pm Post subject: Re: Configure MQ Server to authorize client connections |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3265
Location: London, ON Canada
|
| tapak wrote: |
I need to configure MQ Servers in a network to authenticate client users from different platforms with userid and password.
I see with Blockip , you can secure access based on userids and ipaddress . But it doesnt validate the password. Is there any other tools available in the market which authorize userids and passwords. |
This is exactly what MQ Authenticate User Security Exit does. 
For more information on MQ Authenticate User Security Exit or to get a free 30-day trial go to:
http://www.capitalware.biz/mqausx_overview.html
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| tapak |
| Posted: Fri Sep 01, 2006 6:55 am Post subject: |
|
|
Centurion
Joined: 26 Oct 2005
Posts: 149
Location: Hartford,CT
|
Hi Roger,
Thanks for the information . I went through the business case. It looks like it serve the purpose what I am looking for . I will forward the details to the appropriate person.
I am surprised that IBM , hasnt come up with anything which close this loop hole.
Thanks, Deepak |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Fri Sep 01, 2006 6:58 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
| tapak wrote: |
| I am surprised that IBM , hasnt come up with anything which close this loop hole. |
WebSphere MQ Extended Security Edition.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| tapak |
| Posted: Fri Sep 01, 2006 7:18 am Post subject: |
|
|
Centurion
Joined: 26 Oct 2005
Posts: 149
Location: Hartford,CT
|
Jeff ,
Can you please point to the link to the documentation related to Websphere Security Extended Edition.
Thanks,Deepak |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Fri Sep 01, 2006 7:27 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
|
| Back to top |
|
|
|
|
