| Author |
Message
|
| charanR |
 Posted: Wed Dec 20, 2017 12:50 pm Post subject: CHCKCLNT(REQUIRED) in chlauth |
 |
|
Apprentice
Joined: 05 Oct 2017
Posts: 28
|
Hello,
I'm not sure if this is possible but need your advice to proceed on this.
Altered AUTHINFO('SYSTEM.DEFAULT.AUTHINFO.IDPWOS') to CHCKCLNT(OPTIONAL)
Now, when I set chlauth with CHCKCLNT(REQUIRED) so that channel is authenticated I get this error in the error logs.
| Code: |
AMQ5542: The failed authentication check was caused by the queue manager
CONNAUTH CHCKCLNT(OPTIONAL) configuration. |
Is it not possible to authenticate channel connection without enabling at the qmgr level ?
If not possible, why does CHCKCLNT has options such as ASQMGR, OPTIONAL and REQUIRED ?
which means
At QMGR level if CHCKCLNT for IDPWOS is REQUIRED, then chlauth will be authenticated
At QMGR level if CHCKCLNT for IDPWOS is OPTIONAL, then chlauth is optional but can be set to REQUIRED ??
At QMGR level if CHCKCLNT for IDPWOS is any, then chlauth takes whatever the QMGR is set to from ASQMGR option. |
|
| Back to top |
|
 |
| exerk |
| Posted: Wed Dec 20, 2017 2:56 pm Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Did you refresh security after the change?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| charanR |
| Posted: Fri Dec 22, 2017 5:33 am Post subject: |
|
|
Apprentice
Joined: 05 Oct 2017
Posts: 28
|
figured out the issue. I was missing two changes.
1. update AUTHENMD to PAM for IDPWOS
2. set chlauth(MQADMIN.SVRCONN) TYPE(USERMAP) CLNTUSER('superhero') ADDRESS('*') MCAUSER('superhero') CHCKCLNT(REQUIRED) ACTION(REPLACE)
With these changes I was able to login using password.
One question though ? Is there a way to match USERMAP to group instead of id ? |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Dec 22, 2017 6:06 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| charanR wrote: |
figured out the issue. I was missing two changes.
1. update AUTHENMD to PAM for IDPWOS
2. set chlauth(MQADMIN.SVRCONN) TYPE(USERMAP) CLNTUSER('superhero') ADDRESS('*') MCAUSER('superhero') CHCKCLNT(REQUIRED) ACTION(REPLACE)
With these changes I was able to login using password.
One question though ? Is there a way to match USERMAP to group instead of id ? |
You'd just have to use an id that's a member of the group... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| charanR |
| Posted: Fri Dec 22, 2017 8:51 am Post subject: |
|
|
Apprentice
Joined: 05 Oct 2017
Posts: 28
|
| fjb_saper wrote: |
| charanR wrote: |
figured out the issue. I was missing two changes.
1. update AUTHENMD to PAM for IDPWOS
2. set chlauth(MQADMIN.SVRCONN) TYPE(USERMAP) CLNTUSER('superhero') ADDRESS('*') MCAUSER('superhero') CHCKCLNT(REQUIRED) ACTION(REPLACE)
With these changes I was able to login using password.
One question though ? Is there a way to match USERMAP to group instead of id ? |
You'd just have to use an id that's a member of the group... |
yeah.. just wondering if that's even possible. thank you. |
|
| Back to top |
|
|
|
|
