Windows MQ Explorer to Z/OS Queue Manager |
rconn2 |
Posted: Thu May 27, 2010 12:15 pm Post subject: Windows MQ Explorer to Z/OS Queue Manager |
|
|
Voyager
Joined: 09 Aug 2007 Posts: 79 Location: MD, USA
|
We're trying to connect Windows MQ Explorer (v7) to a Z/OS QM (v6). It seems the connection properties for Userid and Password are being ignored (and the logged-into Windows ID is being sent instead).
The error we receive is: An unexpected error (0) has occurred (AMQ4999).
5/4/2010 17:18:01 - Process(4184.1) User(*****) Program(amqmsrvn.exe)
AMQ6183: An internal WebSphere MQ error has occurred.
EXPLANATION:
An error has been detected, and the WebSphere MQ error recording routine has been called.
Any help/guidance will be appreciated. Thx. |
RogerLacroix |
Posted: Thu May 27, 2010 12:35 pm Post subject: Re: Windows MQ Explorer to Z/OS Queue Manager |
|
|
 Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
|
rconn2 wrote: |
We're trying to connect Windows MQ Explorer (v7) to a Z/OS QM (v6). It seems the connection properties for Userid and Password are being ignored (and the logged-into Windows ID is being sent instead). |
Yes, that is exactly what should happen. The UserID and Password fields are used by MQ Explorer to send the user credentials to a server-side security exit.
The queue manager does not use these fields.
Regards,
Roger Lacroix
Capitalware Inc. _________________ Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
rconn2 |
Posted: Thu May 27, 2010 1:14 pm Post subject: |
|
|
Voyager
Joined: 09 Aug 2007 Posts: 79 Location: MD, USA
|
Thanks Roger. Is there a standard or widely used means, using a security exit or otherwise, for getting explorer to work with a qm on z/os? |
RogerLacroix |
Posted: Thu May 27, 2010 1:34 pm Post subject: |
|
|
 Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
|
rconn2 wrote: |
Is there a standard or widely used means, using a security exit or otherwise, for getting explorer to work with a qm on z/os? |
There are 3 products that you can look at:
1. Capitalware's MQ Authenticate User Security Exit for z/OS (z/MQAUSX)
2. IBM's WebSphere MQ Extended Security Edition
3. Primeur's Data Secure for WebSphere MQ
Of course, I would have to say our product (z/MQAUSX) is the best of the 3.
Please let me know if you have any questions or comments.
Regards,
Roger Lacroix
Capitalware Inc. _________________ Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
bruce2359 |
Posted: Thu May 27, 2010 1:40 pm Post subject: |
|
|
 Poobah
Joined: 05 Jan 2008 Posts: 9469 Location: US: west coast, almost. Otherwise, enroute.
|
A no-cost method is to create on z/OS a RACF userid that matches the Win/UNIX username. _________________ I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
RogerLacroix |
Posted: Thu May 27, 2010 1:47 pm Post subject: |
|
|
 Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
|
bruce2359 wrote: |
A no-cost method is to create on z/OS a RACF userid that matches the Win/UNIX username. |
Sure, if you do not want security then that works just fine. (Everybody can use that UserId.)
Even better and less work, just use the Chin's UserID in your application. i.e. If your queue manager's name is MQA1 then the Chin's Started-Task UserID will be called "MQA1CHIN". So, just use it and you can do whatever you want!!
Regards,
Roger Lacroix
Capitalware Inc. _________________ Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
mqjeff |
Posted: Fri May 28, 2010 1:51 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
Another no-cost method is to use SSL and SSLPEER to ensure that only the correct users can actually connect to any of the SVRCONNs on the zed qmgr, and then use an MCAUSER on the correct admin channel to match a RACF identity.
A certificate file being exactly as easy to share as a password, it's exactly as secure as a userid/password combination.
Well, okay, it's a little harder to leave a certificate file lying around on a post-it note under the keyboard. |
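The SSL, SSLPEER and MCAUSER arrangement described in the last post, written out in MQSC as an added example that is not part of any post in this thread. The channel name, key ring name, RACF user ID, CipherSpec choice and certificate DN values are all assumed placeholders.

```mqsc
* Added example. All names and DN values below are constructed placeholders.

* Queue manager: name the RACF key ring that holds the qmgr certificate
* and start SSL server subtasks in the channel initiator.
ALTER QMGR SSLKEYR('MQA1RING') SSLTASKS(5)

* Dedicated admin channel for MQ Explorer.
*   SSLCAUTH(REQUIRED) - the client must present a certificate
*   SSLPEER            - only a certificate whose DN matches may connect
*   MCAUSER            - the RACF ID all work on this channel runs under,
*                        so the Windows logon name sent by the client
*                        is not the identity that gets authorised
DEFINE CHANNEL('EXPLORER.ADMIN.SVRCONN') CHLTYPE(SVRCONN) TRPTYPE(TCP) +
       SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA) +
       SSLCAUTH(REQUIRED) +
       SSLPEER('CN=mqadmin1,OU=MQ Admins,O=Example Corp') +
       MCAUSER('MQADM01') +
       DESCR('MQ Explorer admin access, certificate authenticated') +
       REPLACE

* The other SVRCONNs need the same treatment, otherwise they remain
* a way around the admin channel. The supplied defaults are the usual
* ones to check.
ALTER CHANNEL('SYSTEM.DEF.SVRCONN') CHLTYPE(SVRCONN) +
      SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA) +
      SSLCAUTH(REQUIRED) +
      SSLPEER('CN=mqadmin1,OU=MQ Admins,O=Example Corp')
ALTER CHANNEL('SYSTEM.ADMIN.SVRCONN') CHLTYPE(SVRCONN) +
      SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA) +
      SSLCAUTH(REQUIRED) +
      SSLPEER('CN=mqadmin1,OU=MQ Admins,O=Example Corp')

* Confirm what is actually in force on every SVRCONN.
DISPLAY CHANNEL(*) CHLTYPE(SVRCONN) SSLCIPH SSLCAUTH SSLPEER MCAUSER
```

The RACF profiles that grant MQADM01 its MQ authority are defined separately, and the Explorer side needs a key store holding the matching personal certificate plus the same CipherSpec on its connection definition.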