ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Installation/Configuration Support » MCAUSER disappears after 'strmqm -c'

Post new topic  Reply to topic
 MCAUSER disappears after 'strmqm -c' « View previous topic :: View next topic » 
Author Message
bbburson
PostPosted: Tue Jun 19, 2007 7:45 am    Post subject: MCAUSER disappears after 'strmqm -c' Reply with quote

Partisan

Joined: 06 Jan 2004
Posts: 378
Location: Nowhere near a queue manager
Here is the text of a PMR I just opened:

Code:
It is widely known that the MCAUSER attribute should be set to a non-authorized or non-existent userid on SYSTEM.DEF.SVRCONN and SYSTEM.AUTO.SVRCONN channels, to prevent unwarranted access to the queue manager.

The WMQv6 quick beginnings books for AIX, Sun, HP-UX include instructions to run 'strmqm -c' on queue managers migrating from version 5.3.

Running this command REMOVES the MCAUSER attribute from those two channels, thereby opening the channels up to connections that may use the 'mqm' userid to gain full access to the queue manager.


Beware that you may not be as secure as you think you are.
Back to top
View user's profile Send private message
jefflowrey
PostPosted: Tue Jun 19, 2007 7:47 am    Post subject: Reply with quote

Grand Poobah

Joined: 16 Oct 2002
Posts: 19981
So, yeah.

Strmqm -c recreates the system objects with the default values.
_________________
I am *not* the model of the modern major general.
Back to top
View user's profile Send private message
UglyAngelX
PostPosted: Tue Jun 19, 2007 10:37 am    Post subject: Reply with quote

Voyager

Joined: 04 Dec 2001
Posts: 90
Location: BEARS FAN IN STEELER COUNTRY
I think I am pretty secure, considering this was fairly common knowledge that objects were created or replaced when this command is run......so they would need to be configured to be secure again.
Back to top
View user's profile Send private message
bbburson
PostPosted: Fri Jun 22, 2007 7:07 am    Post subject: Reply with quote

Partisan

Joined: 06 Jan 2004
Posts: 378
Location: Nowhere near a queue manager
Thanks for the replies. I agree that I should have realized the objects were being recreated and that MCAUSER would therefore be blanked out. My purpose in raising a PMR and posting here is to keep other less-than-careful readers such as myself from being surprised after the fact.

IBM agrees that additional text in the Quick Beginnings guides and migration documentation is in order to remind people of the possibly overlooked consequences of 'strmqm -c'.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Installation/Configuration Support » MCAUSER disappears after 'strmqm -c'
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.