rfhutil gives out the err code 2035
Inforz |
Posted: Fri May 13, 2011 3:52 am Post subject: rfhutil gives out the err code 2035 |
|
|
 Centurion
Joined: 15 Apr 2011 Posts: 139 Location: Chennai, India
|
Hi,
MQv7 is installed on a Linux server to which I don't have direct access from my Windows machine. So I use PuTTY with tunnelling to the listener port of that QM when I need a connection from my Windows machine here. FYI, I have installed MQv7 here on Windows.
I also have rfhutil. After setting the MQSERVER variable to the tunnelled port to connect to the Linux QM and clicking "Load Names", I get a 2035, which is an authentication problem.
How can I clear this, or where can I give the credentials in rfhutil while it connects to the Linux QM?
FYI, I am able to connect from MQ Explorer v7 to a remote (Linux) QM by giving the host as localhost and the port as <tunnelled port in putty>. In a further step I have an option to give credentials to connect to that QM (only in v7 MQ Explorer).
mqjeff |
Posted: Fri May 13, 2011 3:55 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
Configure SSL.
Set an MCAUSER on the SVRCONN, and set SSLPEER to ensure that only your certificate can connect to that SVRCONN.
Grant authorities on the qmgr machine to the userid in MCAUSER.
Get used to this practice; it (or using an exit) is the only way to actually secure MQ properly.
Inforz |
Posted: Wed May 18, 2011 10:02 pm Post subject: |
|
|
 Centurion
Joined: 15 Apr 2011 Posts: 139 Location: Chennai, India
|
mqjeff, thanks a lot!!
We are not using any SSL certs, but I created a new SVRCONN chl and assigned the MCA userid to mqm and then ran rfhutilc using the newly created SVRCONN; now I can see all queues and browse msgs. Thanks.
zpat |
Posted: Wed May 18, 2011 10:56 pm Post subject: |
|
|
 Jedi Council
Joined: 19 May 2001 Posts: 5866 Location: UK
|
Inforz wrote: |
now i can see all queues and browse msgs. thanks.. |
As can anyone else! They can also perform any admin action.
You should consider using the OAM security and groups/ids to grant queue access without full admin authority. Especially to developers!
Setting MCA user to mqm is the number one No-No in MQ (unless secured in some way).
SSL can be a steep learning curve.
Using the free BlockIP2 exit may be a reasonable starting point to restrict access by userid or IP address instead.
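
A check in the spirit of the replies above, as an added example that is not part of any post in the thread: it parses `DISPLAY CHANNEL` output from runmqsc and reports SVRCONN channels whose MCAUSER is an admin id or blank, or that have no SSLCIPH/SSLPEER restriction. The sample output, channel names, user ids and DN are constructed, `ADMIN_IDS` is an assumption about the host, and security exits such as BlockIP2 are not examined.

```python
import re

# Constructed sample of `DISPLAY CHANNEL(*) CHLTYPE(SVRCONN) MCAUSER SSLCIPH SSLPEER`
# output from runmqsc; channel names, user ids and the DN are made up for illustration.
SAMPLE = """\
AMQ8414: Display Channel details.
   CHANNEL(RFHUTIL.SVRCONN)                CHLTYPE(SVRCONN)
   MCAUSER(mqm)                            SSLCIPH( )
   SSLPEER( )
AMQ8414: Display Channel details.
   CHANNEL(APP1.SVRCONN)                   CHLTYPE(SVRCONN)
   MCAUSER(app1usr)                        SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA)
   SSLPEER(CN=app1,O=Example)
AMQ8414: Display Channel details.
   CHANNEL(SYSTEM.DEF.SVRCONN)             CHLTYPE(SVRCONN)
   MCAUSER( )                              SSLCIPH( )
   SSLPEER( )
"""

ADMIN_IDS = {"mqm"}  # assumption: ids with full MQ admin authority on this host
ATTR = re.compile(r"(\w+)\(([^)]*)\)")  # KEY(VALUE) pairs; blank values print as "( )"

def parse_channels(text):
    """Split runmqsc output into one attribute dict per SVRCONN channel record."""
    records = re.split(r"^AMQ8414.*$", text, flags=re.M)
    chans = [{k: v.strip() for k, v in ATTR.findall(r)} for r in records]
    return [c for c in chans if c.get("CHLTYPE") == "SVRCONN"]

def audit(text):
    """Return {channel: [findings]} for SVRCONN channels that need attention."""
    report = {}
    for c in parse_channels(text):
        findings = []
        user = c.get("MCAUSER", "")
        # SSLPEER only restricts callers when a CipherSpec is also set.
        pinned = bool(c.get("SSLCIPH")) and bool(c.get("SSLPEER"))
        if user.lower() in ADMIN_IDS:
            findings.append("MCAUSER is an admin id")
        elif not user:  # general MQ behaviour: the id sent by the client applies
            findings.append("MCAUSER blank: client-supplied id is used")
        if not pinned:
            findings.append("no SSLCIPH/SSLPEER restriction")
        if findings:
            report[c["CHANNEL"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(f"{name}: {'; '.join(findings)}")
```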