Elayaraja
Posted: Fri Oct 29, 2010 4:39 pm Post subject: security - channel (SVRCONN)
Newbie
Joined: 27 Oct 2010 Posts: 4

Hi,
We are implementing security for a SVRCONN channel for a particular user (non-mq group user). When we created the channel, we gave MCAUSER as 'wasadmin' and executed setmqaut for wasadmin to connect to the qmgr and channel.
Question 1.
When we created the QCF, we gave the wrong password for the 'wasadmin' user. Still, we are able to connect to the queue manager.
Is that the correct scenario?
 |
mqjeff
Posted: Fri Oct 29, 2010 5:02 pm Post subject: Re: security - channel (SVRCONN)
Grand Master
Joined: 25 Jun 2008 Posts: 17447

Elayaraja wrote:
Hi,
We are implementing security for a SVRCONN channel for a particular user (non-mq group user). When we created the channel, we gave MCAUSER as 'wasadmin' and executed setmqaut for wasadmin to connect to the qmgr and channel.
Question 1.
When we created the QCF, we gave the wrong password for the 'wasadmin' user. Still, we are able to connect to the queue manager.
Is that the correct scenario?

Yes.
MCAUSER and MQ in general do not pay regard to the password.
If you wish to control whether some particular OS level user can connect to the channel vs some other OS level user that can't, you either need an Exit or you need to use SSL and SSLPEER.
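
The SSL and SSLPEER option from the reply above, sketched as MQSC (an added example, not part of the original posts). The channel name WAS.SVRCONN, the CipherSpec and the certificate DN are assumptions, and the queue manager is assumed to have a key repository that trusts the issuer of the client certificate.

```mqsc
* Constructed example: channel name, CipherSpec and DN are placeholders.

* Before: the situation in the question. MCAUSER sets the user ID that
* authority checks (setmqaut) run against, but nothing on the channel
* verifies the caller. As the reply states, the password is not checked,
* so any client that reaches this channel runs as wasadmin.
DEFINE CHANNEL('WAS.SVRCONN') CHLTYPE(SVRCONN) TRPTYPE(TCP) +
       MCAUSER('wasadmin') REPLACE

* After: the channel demands a client certificate (SSLCAUTH) and accepts
* the connection only if the certificate's Distinguished Name matches
* SSLPEER. Substitute a CipherSpec that your MQ version supports; the
* client side must be configured with the same one.
* MCAUSER still maps the accepted connection to wasadmin, so the
* setmqaut grants keep deciding what that connection may do.
DEFINE CHANNEL('WAS.SVRCONN') CHLTYPE(SVRCONN) TRPTYPE(TCP) +
       MCAUSER('wasadmin') +
       SSLCIPH(TLS_RSA_WITH_AES_256_CBC_SHA256) +
       SSLCAUTH(REQUIRED) +
       SSLPEER('CN=was-client.example.com,O=Example Corp') REPLACE

* Check: for a running instance, show the DN the partner presented and
* the user ID the channel is running under.
DISPLAY CHSTATUS('WAS.SVRCONN') SSLPEER MCAUSER
```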
 |
Elayaraja
Posted: Fri Oct 29, 2010 5:26 pm Post subject:
Newbie
Joined: 27 Oct 2010 Posts: 4

Thanks for the clarification. It's very difficult to explain to non-technical managers. Their question is "then what is the purpose of user authentication issue setmqaut"
 |
Vitor
Posted: Fri Oct 29, 2010 5:37 pm Post subject:
Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA

Elayaraja wrote:
Their question is "then what is the purpose of user authentication issue setmqaut"

Point out that setmqaut (as described here) is an authorization service, not an authentication service.
Hence the lack of facilities to authenticate users. Because that's not what it does.
_________________
Honesty is the best policy.
Insanity is the best defence.
 |
mqjeff
Posted: Sat Oct 30, 2010 3:13 am Post subject:
Grand Master
Joined: 25 Jun 2008 Posts: 17447

Vitor wrote:
Elayaraja wrote:
Their question is "then what is the purpose of user authentication issue setmqaut"
Point out that setmqaut (as described here) is an authorization service, not an authentication service.

And if you can't make them understand that difference, then you need to make them understand that they are paying you to be technical for them.