| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| How do I install a channel security exit? |
« View previous topic :: View next topic » |
| Author |
Message
|
| manjo |
 Posted: Thu Jun 13, 2002 11:53 am Post subject: How do I install a channel security exit? |
 |
|
Novice
Joined: 29 Nov 2001
Posts: 15
|
Hello,
I'm relatively new to MQ, have a general understanding of channels, QMs and queues (I've been defining them and using them), but I'm ignorant about security channel exits. I've researched this web-site, the IBM MQ manuals where security exits are referenced, and IBM red papers that mention security exits and have learned just enough to completely confuse myself.
The company at the other end of our channel is requiring the use of security exits, but I'm not sure what's all involved in setting this up. They provided sample channel security exit source code in C, a "CCSID" (do they mean CCSD?) value, and a sample channel definition that includes a value for SCYEXIT and MCAUSER.
Given the above information by the other party, how do I install the security exit (not knowing C languange)?
We are running MQ on a Sun Solaris/Unix (not sure which version).
Thanks,
Margaret Andrews |
|
| Back to top |
|
 |
| oz1ccg |
| Posted: Fri Jun 14, 2002 12:07 am Post subject: |
|
|
Yatiri
Joined: 10 Feb 2002
Posts: 628
Location: Denmark
|
Hi Margaret,
when
| Quote: |
| The company at the other end of our channel is requiring the use of security exits |
they might also be able to give you the requested exit.... they might want to do business with you, right ?
They must have maked a specification of what they want from your computer regarding the connect.
Just my $0.02 
_________________
Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
|
| Back to top |
|
|
| manjo |
| Posted: Fri Jun 14, 2002 9:34 am Post subject: |
|
|
Novice
Joined: 29 Nov 2001
Posts: 15
|
Hi Jørgen,
I guess I don't understand your answer. The other party DID provide the exit (in the form of a sample C program). But if we can use it it AS IS or even customize it for our use, my question was: How does one install an exit after it has been written? Or is there nothing to it beyond making the executable accessible. Do you just identify the name of the exit in the Channel definition and that's it? In my research, there was explanation of public and private keys, a CSSD, cryptographic software....
Am I making this harder than it is?
Thanks,
Margaret |
|
| Back to top |
|
|
| gye |
| Posted: Tue Jun 25, 2002 1:12 am Post subject: |
|
|
Novice
Joined: 07 Apr 2002
Posts: 13
|
Margret,
The CSSD and those channelexit codes could be implemented for MQSeries Client and Server, or Server to Server. We have done that on AIX box, and it does provide PKI based authentication/encryption, etc. The messages are encrypted in the quasi-SSL channel.
Any way, the red book is quite misleading. You have to work hard to find by yourself, not understanding the solution from it only.
Now we are trying to see how will the Java client work.
George |
|
| Back to top |
|
|
| manjo |
| Posted: Tue Jun 25, 2002 6:03 am Post subject: Exit Issue Resolved.... |
|
|
Novice
Joined: 29 Nov 2001
Posts: 15
|
Just thought I'd explained the resolution for those who may end up with the same problem.
The entity we were communicating with provided us with an exit that was installable with no changes to the program. We compiled it (it was a C program) and put the executable into the /var/mqm/exits directory (which I believe is the default directory if you don't specify it somewhere). For whatever reason we chgd the name of the executable to "AUTH", but I don't know if that was necessary.
Then in the Channel definition, I changed 2 parms like so:
ALT CHL chlname CHLTYPE(SDR) SCYEXIT('AUTH(CHANNELEXIT)')
ALT CHL chlname CHLTYPE(SDR) MCAUSER('xxxx')
where 'xxxx' was the "userid" in the exit used for authentication (I got this value from the other party, because I was completely clueless as to what to put in there).
I hope this saves somebody else from the agony I went through.
Thanks,
Margaret |
|
| Back to top |
|
|
| gye |
| Posted: Tue Jun 25, 2002 4:52 pm Post subject: |
|
|
Novice
Joined: 07 Apr 2002
Posts: 13
|
Hi,
For the Server-to-Server connection, you have also define the RCVR channel at the other side, calling the same program AUTH.
And you have define SENDEXIT at the sender side, RECVEXIT at the receiver side. SENDEXIT('AUTH(CHANNELEXIT)'), etc.
This also works for Client-Server module, which means you have MQSeries Client at client side only. As such, you have to define CLNTCONN channel instead of SDR channel, and SVRCONN channel instead of RCVR channel.
George |
|
| Back to top |
|
|
| mitches9 |
| Posted: Wed Jun 26, 2002 7:06 am Post subject: Tutorials/Sample/Training/Anything!? |
|
|
Novice
Joined: 07 Jun 2002
Posts: 23
Location: Ohio
|
In light of the fact that we all agree there are 4 million pages of documentation on MQSeries from IBM, and one-half of a useful page on writing security exits...
I too deal with security exits and have made minor revisions to existing ones in our company. But we're changing OS from NT to XP and MQ from Window 2.1 to Server 5.3. Can anyone recommend some good resources for writing exits from scratch? I'd really like to better understand what I'm dealing with. |
|
| Back to top |
|
|
| abiram8 |
| Posted: Thu Dec 05, 2002 2:09 am Post subject: |
|
|
Master
Joined: 27 Mar 2002
Posts: 207
Location: India
|
Hi,
Iam new to c/c++ I was in search of the channel exit prog I really got useful code downloaded from the site
Thanks for providing the Code which was really easy for us to configer into the Channel
I want to know one information how to build cssd.exe as given in the readme.txt of the code which I downloaded from the site
*****************************************
Once you have RSA.lib, you need to build the Cssd.exe file. You will find the
source code in the Cssd/ subdirectory. This requires some of the source code
from rsa-win32 during compiling, along with the RSA.lib during linking. You
will need to include these in your project path to get the build to work.
Keep in mind that some of these include files appear in the file list for the
project and they contain the incorrect paths to these files (but correct on
my machine) I mainly left them there as placeholders so you know what Cssd is
trying to include. If you have set your include and library paths properly, you
should be able to remove these files from the file list for the Cssd workspace
(you should see rsaeuro.h and rsa.lib - you can remove these).
*******************************************
few things Iam not clear
1) Where to save my cssd.exe file (I have installed my MQSeries Server in
say (d:/progfiles/ibm/mqseries)
2) Where To save QMGRS & Channel.inp Files
1) What I actually did was copied the mqexit.dll to the default path of (d:/progfiles/ibm/mqseries/exits)
2) I have this file
1. QMGRS.INP
2. CHANNELS.INP
Where to save this file 
Thanks
R.Abiram |
|
| Back to top |
|
|
| abiram8 |
| Posted: Mon Dec 09, 2002 2:30 am Post subject: |
|
|
Master
Joined: 27 Mar 2002
Posts: 207
Location: India
|
Hi,
I have downloaded the required files to my system when Iam compiling the cssd.c file get the following error
************************************
Miracle C Compiler (r3.2), written by bts.(This is compiler from Miracle)
line 3, mqsec.h: #include cmqc.h ignored--file not found.
Compiling d:\program files\miracle c\examples\cssd.c
global.h: line 37: Parse Error, expecting `SEP'
'typedef unsigned short int UINT2'
aborting compile
******************************
I donot have the file in cmqc.h in required path nor in any of the directory from the downloaded file
have any one faced the problem please let me know the solutions
Thanks
R.Abiram  |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
