| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| New: MQ Authenticate User Security Exit v1.4.0 |
View previous topic :: View next topic |
| Author |
Message
|
| RogerLacroix |
 Posted: Fri May 01, 2009 1:16 pm Post subject: New: MQ Authenticate User Security Exit v1.4.0 |
 |
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
All,
Capitalware Inc. would like to announce the official release of MQ Authenticate User Security Exit v1.4.0.
This is a FREE upgrade for licensed users of MQ Authenticate User Security Exit.
Changes for MQ Authenticate User Security Exit v1.4.0:
Server-side:
- New supported platform: iSeries (OS/400)
- New supported platform: AIX 6.1
- Major performance and tuning to many modules - a 7% - 12% improvement in speed depending on features used
- Added enc_server - it is used to create an encrypted server-side FBA file (i.e. /etc/shadow). enc_server is similar/combination to the Unix programs: useradd, userdel and passwd including Unix crypt.
- Added testldap and testldapssl helper programs to allow quick testing of the the LDAP keywords in the MQAUSX IniFile.
- Added support for up to 10 LDAP servers.
- Added UseLDAPLoadBalance keyword which is used for LDAP load balancing when 2 or more LDAP servers are specified
- Added support for LDAP group lookup. (UseLDAPSearch, LDAPSearchBase, LDAPSearchFilter and LDAPSearchScope)
- Added the ability to explicitly reject an incoming IP address based on a pattern-matching (UseRejectIP and RejectIP).
- Added the ability to explicitly reject an incoming UserId based on a pattern-matching (UseRejectUserID and RejectUserID).
- Added the ability to explicitly reject an incoming Active Directory Name based on a pattern-matching (UseRejectADName and RejectADName) * Windows only *.
- Added the code to disable Event Warning messages when WriteToEventQueue is being used.
- Added code to limit the number of messages written to the event queue when WriteToEventQueue is being used.
- Added MCCGetTimeOut keyword to allow the user to define how long to wait on the "DIS CHL(<ChannelName>)" command when UseMCC is being used.
- Added BackupLogFileCount which is used to control the number of backup log files (Default value is 9)
- Fixed a shared memory issue on Windows when UseMCC is being used.
Client-side:
- Fixed a null pointer problem in the client-side code
For more information on the MQ Authenticate User Security Exit solution go to:
http://www.capitalware.biz/mqausx_overview.html
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
 |
| RogerLacroix |
| Posted: Mon May 11, 2009 10:22 am Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
All,
In the MQAUSX v1.4.0 announcement, we failed to mention a new feature: the support of the “MQ old style” of sending the UserID and Password in plain text to the remote queue manager.
A customer requested that MQAUSX server-side security exit support the MQ old style of sending the UserID and Password in plain text to the remote queue manager. Their company security policy allows them to send user's credentials in plain text between the client application and the remote queue manager for authentication. Since they have chosen to use the MQ old style of sending the UserID and Password to the remote queue manager, the client-side application does NOT require the MQAUSX client-side security exit.
The main advantage of using the MQ old style or MQCSP structure (v6 & higher) to send the user's credentials to the remote queue manager is that the client application does NOT require the MQAUSX client-side security exit.
The main disadvantage of using the MQ old style or MQCSP structure to send the user's credentials to the remote queue manager is that the user's credentials are sent in plain text (i.e. not encrypted).
The MQ old style of sending the UserID and Password in plain text to the remote queue manager has been tested and is supported for Java, J2EE and .NET.
Java code example:
| Code: |
MQEnvironment.userID = "myUserID";
MQEnvironment.password = "myPassword"; |
J2EE example:
| Code: |
| cf.createQueueConnection("myUserID", "myPassword"); |
C# .NET
| Code: |
MQEnvironment.UserId = "myUserID";
MQEnvironment.Password = "myPassword"; |
For those client applications written in C or C++ that do not want to use the MQAUSX client-side security exit and are ok sending user's credentials in plain text, the application needs to use the MQCSP structure (see examples MQTest31.c, MQTest32.c, MQTest31.cpp and MQTest32.cpp).
Please let me know if you have any questions or comments.
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
|
|
|
|
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
