| Author |
Message
|
| jefflowrey |
 Posted: Fri Jun 08, 2007 7:20 am Post subject: |
 |
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
Of course, it's still only a Cat 2 support pack, so it's still only supported by the author.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
 |
| Trainee |
| Posted: Mon Jul 30, 2007 5:55 am Post subject: |
|
|
Centurion
Joined: 27 Oct 2006
Posts: 124
|
Is any one using this exit...
I was able to work with PWServer without LDAP feature in it but not with LDAP...
Any other support packs(exits) which can be used with LDAP authentication ...
Thank you
Trainee |
|
| Back to top |
|
|
| oz1ccg |
| Posted: Wed Aug 01, 2007 1:26 am Post subject: |
|
|
Yatiri
Joined: 10 Feb 2002
Posts: 628
Location: Denmark
|
|
| Back to top |
|
|
| neeff |
| Posted: Thu Aug 02, 2007 11:58 pm Post subject: MS0R authentication problems |
|
|
Novice
Joined: 06 Apr 2003
Posts: 11
Location: Munich and Ludwigsburg, Germany
|
Jorgen,
we are using the MS0R on AIX with MQ6.0 (6.0.2.1). It works perfect without user authentication, but when I try to authenticate (e.g. using MO71), I get following error:
Error!! - password for [user] failed with: [16]
I also was wondering why I always see the user ID from the client system and not the one I specified in MO71's password dialogue. Seems the client transfers always the user ID from the source OS environment.
The client box is on 6.0.0.0 (windows). Any ideas? We used the latest version of MO71.
Thanks, best regards, Thomas
_________________
Thomas Neeff
Certified IBM System Administrator - WebSphere MQ, V5.3
Germany |
|
| Back to top |
|
|
| Michael Dag |
| Posted: Fri Aug 03, 2007 12:53 am Post subject: |
|
|
Jedi Knight
Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)
|
News/Updates forum is not for discussion, I will split this topic and put a link to the discussion thread
_________________
Michael
MQSystems Facebook page |
|
| Back to top |
|
|
| oz1ccg |
| Posted: Fri Aug 03, 2007 4:37 am Post subject: |
|
|
Yatiri
Joined: 10 Feb 2002
Posts: 628
Location: Denmark
|
Hi Thomas,
Error!! - password for [user] failed with: [16]
It seems like the user/password have missed something, does PWServer1 have the correct settings ?
chown root:mqm exits/PWServer1
chmod 4550 exits/PWServer1
-- Lock it or Lose it -- 
_________________
Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
|
| Back to top |
|
|
| Trainee |
| Posted: Fri Aug 03, 2007 6:38 am Post subject: |
|
|
Centurion
Joined: 27 Oct 2006
Posts: 124
|
Hi,
I qm able to use MS0R with LDAP too.Intially I doubted that I need to install LDAP client or server with WMQ where I am using PWServer..I installed LDAP Client and it is working fine
Thanks |
|
| Back to top |
|
|
| kats |
| Posted: Mon Aug 20, 2007 9:03 am Post subject: |
|
|
Voyager
Joined: 20 Apr 2006
Posts: 78
|
http://www.mqseries.net/phpBB2/viewtopic.php?t=37538&sid=a7069276a5a3c33549785af867994272
I couldn't find thread that does comparison: BlockIP2 Vs MS0R
I interpret it as MS0R also includes functionality of BlockIP2.
and MS0R is supported by IBM...
Though BlockIP2 and MS0R are both by same Author (Jorgen)
In ms0r.pdf, pre-requisite page says, for Sun solaris Sparc, it's good for release 5.10. Isn't it backward compatible.
My platform are Sun Sparc 5.8 and 5.9 with MQ 6.0.2.1.
I just need IP filtering. I think user ID can be authenticated by Setmqaut ( please feel free to correct me)
does anybody want to add/suggestions.
_________________
If everything goes well, don't panic, it won't last for long.
Last edited by kats on Mon Aug 20, 2007 11:50 am; edited 2 times in total |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Aug 20, 2007 9:11 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Looks like you have your support pack confused.
You can compare blockip2 to MS0R. MS03 is the saveqmgr support pack! 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| kats |
| Posted: Mon Aug 20, 2007 11:37 am Post subject: |
|
|
Voyager
Joined: 20 Apr 2006
Posts: 78
|
| fjb_saper wrote: |
Looks like you have your support pack confused.
You can compare blockip2 to MS0R. MS03 is the saveqmgr support pack! |
Thanks for pointing out. I've corrected in my original post too.
_________________
If everything goes well, don't panic, it won't last for long. |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Mon Aug 20, 2007 12:18 pm Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
| kats wrote: |
| and MS0R is supported by IBM... |
Not true!
| IBM wrote: |
Technical support
Category 2 SupportPacs are provided in good faith and AS-IS. There is no warranty or further service implied or committed and any supplied sample code is not supported via IBM product service channels. |
| kats wrote: |
| I just need IP filtering. I think user ID can be authenticated by Setmqaut ( please feel free to correct me) |
Not true! 'setmqaut' is a component of OAM that simply sets the appropriate ACL (Access Control List) for a given UserId or GroupId.
| kats wrote: |
| does anybody want to add/suggestions. |
There are only 3 supported MQ security products in the market place that do full UserId and Password authentication:
- Capitalware's MQ Authenticate User Security Exit
- IBM's WebSphere MQ Extended Security Edition V6
- Primeur's Data Secure for WebSphere MQ
There is only 1 supported MQ security product in the market place that does filtering and/or verification:
- Capitalware's MQ Standard Security Exit
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| kats |
| Posted: Tue Aug 21, 2007 6:04 am Post subject: |
|
|
Voyager
Joined: 20 Apr 2006
Posts: 78
|
| RogerLacroix wrote: |
Not true! 'setmqaut' is a component of OAM that simply sets the appropriate ACL (Access Control List) for a given UserId or GroupId. |
A <--->B (Assume Box A communicates with Box B via MQ, say thru Svrconn channel that exist on A)
As I understand it: (I'm totally prepared to be corrected)
For userID/groupID from box B, those who initiate MQ communication with A, has to reside in atleast in application group in A.
Furthermore setmqaut sets appropriate ACL for "Given UserID/groupID" to particular MQ objects on A.
If so far my understanding is right, then no other ID from box B can tallk to A except those who resides in A.
If that is correct, what else is MQ Authentication.
| Quote: |
There are only 3 supported MQ security products in the market place that do full UserId and Password authentication:
- Capitalware's MQ Authenticate User Security Exit
- IBM's WebSphere MQ Extended Security Edition V6
- Primeur's Data Secure for WebSphere MQ
There is only 1 supported MQ security product in the market place that does filtering and/or verification:
- Capitalware's MQ Standard Security Exit
Regards,
Roger Lacroix
Capitalware Inc. |
 
Thanks For the Insight Roger, but I know what Co. folks first reaction would be "WE WANT FREE " ...but eventually if we have to, we'll buy to comply with audit points: MQ Authentication and IP filtering
_________________
If everything goes well, don't panic, it won't last for long. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Tue Aug 21, 2007 6:09 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
MQ does not provide authentication.
It provides authorization.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Tue Aug 21, 2007 12:16 pm Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
| kats wrote: |
A <--->B (Assume Box A communicates with Box B via MQ, say thru Svrconn channel that exist on A)
As I understand it: (I'm totally prepared to be corrected)
For userID/groupID from box B, those who initiate MQ communication with A, has to reside in atleast in application group in A.
Furthermore setmqaut sets appropriate ACL for "Given UserID/groupID" to particular MQ objects on A.
If so far my understanding is right, then no other ID from box B can tallk to A except those who resides in A.
If that is correct, what else is MQ Authentication. |
Not true. That is authorization (permission).
| jefflowrey wrote: |
MQ does not provide authentication.
It provides authorization. |
Exactly.
| kats wrote: |
| Thanks For the Insight Roger, but I know what Co. folks first reaction would be "WE WANT FREE " ...but eventually if we have to, we'll buy to comply with audit points: MQ Authentication and IP filtering |
There is true in 'you get what you paid for'. The product is free, you are not paying for support / there is no support or warranty, and when something breaks, management WILL want a timely resolution.
I've discovered some contact admin bugs in WMQ v6.0.2.1 related to exits and IBM's first response is always that it is an 'exit related issue' and not an MQ related problem.
Who's going to be your advocate? Who's going to spend the time to write detailed description of the problem, provide sample code to IBM on your behave to get the problem resolved?
Food for thought.
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| cactus |
| Posted: Mon Sep 17, 2007 10:48 am Post subject: AMQ8413: String Length Error. |
|
|
Apprentice
Joined: 12 Oct 2002
Posts: 30
|
Is there way to avoid full path of config file in security data parameter.
SCYDATA('FN=/var/mqm/exits/mqadmin.cf;-d;').
same like SCYEXIT(PWServer(PWExit)).
_________________
thankx
cactus |
|
| Back to top |
|
|
|
|
