| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| New Active Directory - Security Requirements for MQ and WMQI |
« View previous topic :: View next topic » |
| Author |
Message
|
| mqelf |
 Posted: Fri Jan 28, 2005 2:22 pm Post subject: New Active Directory - Security Requirements for MQ and WMQI |
 |
|
Newbie
Joined: 13 Sep 2004
Posts: 4
|
I've seen several posts on Active Directory. I wanted to make sure I was covered with my configuration. We are going to a new Active Directory domain from our current NT domain. We are not doing a conversion but a new install. The Windows 2000 server is a full MQ repository in an MQ cluster with two Sun Solaris machines all running MQ 5.3 CSD05. The Windows 2000 repository is for extra security for the cluster (keeping a quorum of 2 of 3 at all times). We do not use the Windows 2000 machine to actually transmit customer data.
However, the Windows 2000 machine is our WMQI Configuration Manager. Based on this set up do we need the delegate authorities for the domain mqm ID for the MQ portion. I will have to attach to the server locally and would no longer be able to use the Explorer tool if I don't do something but is there any other impacts.
What about the WMQI Configuration Manager? What is the impact to it?
Thank you very much. |
|
| Back to top |
|
 |
| jefflowrey |
| Posted: Fri Jan 28, 2005 3:02 pm Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
There's a section in the WebSphere MQ Quick Beginnings for Windows that discusses MQ Security in an Active Directory domain.
You will need to create or use a user with a specific set of priviledges so that you can authenticate domain users.
If I understand this correctly, and I might not, you do not have to make "Domain mqm" part of the mqm group on the local machine. If you don't do that, then I think that members of that group don't have any priviledges on the queue managers on the local box.
As for WBIMB security - this is an entire seperate kettle of fish, and you have a lot more flexibility. And you're better off posting your requirements to a new post in the WMQI/WBIMB forum.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| kirani |
| Posted: Sat Jan 29, 2005 3:20 pm Post subject: |
|
|
Jedi Knight
Joined: 05 Sep 2001
Posts: 3779
Location: Torrance, CA, USA
|
[Moving to WMQI Forum]
_________________
Kiran
IBM Cert. Solution Designer & System Administrator - WBIMB V5
IBM Cert. Solutions Expert - WMQI
IBM Cert. Specialist - WMQI, MQSeries
IBM Cert. Developer - MQSeries
|
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
