| Author |
Message
|
| paustin_ours |
 Posted: Mon Jul 21, 2014 11:47 am Post subject: channel aithentication |
 |
|
Yatiri
Joined: 19 May 2004
Posts: 667
Location: columbus,oh
|
This is weird
broker at 8004. admin security active.
the default rules are there.
but I am able to connect using a svrconn channel with mqm as the mca user id
i would expect to get a not authorized error. This i got on Linux.
I know when i tried this a while back on iib9 i was never able to connect as mqm. |
|
| Back to top |
|
 |
| smdavies99 |
| Posted: Mon Jul 21, 2014 12:03 pm Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
This really does not have a lot to do with broker. All this stuff (channel security etc) is the responsibility of the Queue Manager.
It is a well documented fact that giving a channel an MCASUER = 'mqm' is like giving the keys to the safe at the bakc to a robber.
There are times and places where this might be the thing to do but these are the exception rather than the rule.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| paustin_ours |
| Posted: Mon Jul 21, 2014 12:04 pm Post subject: |
|
|
Yatiri
Joined: 19 May 2004
Posts: 667
Location: columbus,oh
|
ok i looked at the queue manager. It had channel authentication disabled. I believe that is the reason i am able to connect as mqm.
now the question is, if this is disabled and then i set the broker admin security to active. It doesn't make any sense does it? |
|
| Back to top |
|
|
| paustin_ours |
| Posted: Mon Jul 21, 2014 12:05 pm Post subject: |
|
|
Yatiri
Joined: 19 May 2004
Posts: 667
Location: columbus,oh
|
| Quote: |
| It is a well documented fact that giving a channel an MCASUER = 'mqm' is like giving the keys to the safe at the bakc to a robber. |
agreed. just doing some testing. |
|
| Back to top |
|
|
| paustin_ours |
| Posted: Mon Jul 21, 2014 12:20 pm Post subject: |
|
|
Yatiri
Joined: 19 May 2004
Posts: 667
Location: columbus,oh
|
I think i am confusing channel authentication records and admin security. back to info center.
What i am trying here is get teh web UI to work. I created a webuserid 'mqm' which would correlate to the mqm id on the server.
i am able to logon using mqm and the password but i am not able to see any broker components.
mqm ID has all the permissions set on the system.broker.auth queues and system.broker.auth.eg queue
what else am i missing?
back to infocenter |
|
| Back to top |
|
|
| paustin_ours |
| Posted: Mon Jul 21, 2014 12:29 pm Post subject: |
|
|
Yatiri
Joined: 19 May 2004
Posts: 667
Location: columbus,oh
|
SYSTEM.BROKER.WEBADMIN.SUBSCRIPTION this queue doesnt exists
| Quote: |
| GET and PUT authority on the queue SYSTEM.BROKER.WEBADMIN.SUBSCRIPTION |
from infocenter
do we need to create it manually? |
|
| Back to top |
|
|
| paustin_ours |
| Posted: Mon Jul 21, 2014 12:33 pm Post subject: |
|
|
Yatiri
Joined: 19 May 2004
Posts: 667
Location: columbus,oh
|
| Oh well that was it. that worked. wonder why that queue wasnt there in the first place. Maybe the broker was created without admin security. |
|
| Back to top |
|
|
|
|
