ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Installation/Configuration Support » MQ and Kerberos

Post new topic  Reply to topic
 MQ and Kerberos « View previous topic :: View next topic » 
Author Message
seanb
PostPosted: Mon Apr 14, 2008 6:32 am    Post subject: MQ and Kerberos Reply with quote

Apprentice

Joined: 02 Aug 2003
Posts: 39
We are in the process of of implementing Kerberos.

All my research and testing shows that MQ is not LDAP compliant and that we still need to define local OS user IDs and groups for use with MQ. This being the case means the application user IDs that wish to connect to MQ also need to be local OS user IDs and can not be Kerberos user IDs.

Can anyone tell me if this is correct and if so what options are available to intergrate with LDAP. It appears we may need to replace the MQ OAM with some other product?

Thanks,
Sean.
Back to top
View user's profile Send private message
Vitor
PostPosted: Mon Apr 14, 2008 6:46 am    Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
Your research has undoubtly thrown up these:

http://www.mqseries.net/phpBB2/viewtopic.php?t=23993


http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg1IC50958

which I include in this post for the benefit of future readers.
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
jefflowrey
PostPosted: Mon Apr 14, 2008 7:05 am    Post subject: Reply with quote

Grand Poobah

Joined: 16 Oct 2002
Posts: 19981
You can also talk to an IBM sales rep about WebSphere MQ Extended Security Edition.
_________________
I am *not* the model of the modern major general.
Back to top
View user's profile Send private message
seanb
PostPosted: Mon Apr 14, 2008 7:12 am    Post subject: Reply with quote

Apprentice

Joined: 02 Aug 2003
Posts: 39
Yes I have, but these deal with security exits on channels.

I am specifically looking for LDAP support with the setmqaut command (and associated application access). My original post was a little unclear, sorry for that.

I seem to remember reading TAMBI or WebSphere Extended Security Edition supports LDAP. I am checking these now. If they do, assuming we went down that path, I'd imagine that would involve substantial effort. I was hoping there was a simpler solution, similar to using AUTHINFO for CRL'S, that could be used.
Back to top
View user's profile Send private message
seanb
PostPosted: Mon Apr 14, 2008 7:15 am    Post subject: Reply with quote

Apprentice

Joined: 02 Aug 2003
Posts: 39
Thanks Jeff, I'll check that out now.
_________________
Regards,
Sean
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Installation/Configuration Support » MQ and Kerberos
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.