ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » Mainframe, CICS, TXSeries » Windows MQ Explorer to Z/OS Queue Manager

Post new topic  Reply to topic
 Windows MQ Explorer to Z/OS Queue Manager « View previous topic :: View next topic » 
Author Message
rconn2
PostPosted: Thu May 27, 2010 12:15 pm    Post subject: Windows MQ Explorer to Z/OS Queue Manager Reply with quote

Voyager

Joined: 09 Aug 2007
Posts: 79
Location: MD, USA

We're trying to connect Windows MQ Explorer (v7) to a Z/OS QM (v6). It seems the connection properties for Userid and Password are being ignored (and the logged-into Windows ID is being sent instead).

The error we receive is: An unexpected error (0) has occurred (AMQ4999).

5/4/2010 17:18:01 - Process(4184.1) User(*****) Program(amqmsrvn.exe)
AMQ6183: An internal WebSphere MQ error has occurred.

EXPLANATION:
An error has been detected, and the WebSphere MQ error recording routine has been called.

Any help/guidance will be appreciated. Thx.
Back to top
View user's profile Send private message
RogerLacroix
PostPosted: Thu May 27, 2010 12:35 pm    Post subject: Re: Windows MQ Explorer to Z/OS Queue Manager Reply with quote

Jedi Knight

Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada

rconn2 wrote:
We're trying to connect Windows MQ Explorer (v7) to a Z/OS QM (v6). It seems the connection properties for Userid and Password are being ignored (and the logged-into Windows ID is being sent instead).

Yes, that is exactly what should happen. The UserID and Password fields are used by MQ Explorer to send the user credentials to a server-side security exit.

The queue manager does not use these fields.

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter
Back to top
View user's profile Send private message Visit poster's website
rconn2
PostPosted: Thu May 27, 2010 1:14 pm    Post subject: Reply with quote

Voyager

Joined: 09 Aug 2007
Posts: 79
Location: MD, USA

Thanks Roger. Is there a standard or widely used means, using a security exit or otherwise, for getting explorer to work with a qm on z/os?
Back to top
View user's profile Send private message
RogerLacroix
PostPosted: Thu May 27, 2010 1:34 pm    Post subject: Reply with quote

Jedi Knight

Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada

rconn2 wrote:
Is there a standard or widely used means, using a security exit or otherwise, for getting explorer to work with a qm on z/os?

There are 3 products that you can look at:

1. Capitalware's MQ Authenticate User Security Exit for z/OS (z/MQAUSX)
2. IBM's WebSphere MQ Extended Security Edition
3. Primeur's Data Secure for WebSphere MQ

Of course, I would have to say our product (z/MQAUSX) is the best of the 3.

Please let me know if you have any questions or comments.

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter
Back to top
View user's profile Send private message Visit poster's website
bruce2359
PostPosted: Thu May 27, 2010 1:40 pm    Post subject: Reply with quote

Poobah

Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.

A no-cost method is to create on z/OS a RACF userid that matches the Win/UNIX username.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
Back to top
View user's profile Send private message
RogerLacroix
PostPosted: Thu May 27, 2010 1:47 pm    Post subject: Reply with quote

Jedi Knight

Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada

bruce2359 wrote:
A no-cost method is to create on z/OS a RACF userid that matches the Win/UNIX username.

Sure, if you do not want security then that works just fine. (Everybody can use that UserId.)

Even better and less work, just use the Chin's UserID in your application. i.e. If your queue manager's name is MQA1 then the Chin's Started-Task UserID will be called "MQA1CHIN". So, just use it and you can do whatever you want!!

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter
Back to top
View user's profile Send private message Visit poster's website
mqjeff
PostPosted: Fri May 28, 2010 1:51 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447

Another no-cost method is to use SSL and SSLPEER to ensure that only the correct users can actually connect to any of the SVRCONNs on the zed qmgr, and then use an MCAUSER on the correct admin channel to match a RACF identity.

A certificate file being exactly as easy to share as a password, it's exactly as secure as a userid/password combination.

Well, okay, it's a little harder to leave a certificate file lying around on a post-it note under the keyboard.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » Mainframe, CICS, TXSeries » Windows MQ Explorer to Z/OS Queue Manager
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.