bpolimera
Posted: Tue Apr 23, 2002 1:04 pm
Novice
Joined: 22 Apr 2002 Posts: 14
Hi,
How do we set up security between two Queue managers running on
two different machines?
I need to develop an application running on my local QM sending
messages to an application on another QM which is part of a different
organization. Is there a way to set up security between the two QMs
at MQSeries level rather than putting security logic into applications?
Thanks in advance,
Balaji.
VivekMeshram
Posted: Tue Apr 23, 2002 5:14 pm
Voyager
Joined: 25 Mar 2002 Posts: 83
Hi Balaji,
Yes, you can set the security between the two QMs and queues; please do refer to setmqaut. Or else it's better if you can write up scripts like the following:
setmqaut -m $queueManager -n ${queueName} -t q -p ${appUser} +put +dsp +browse +get
The above will grant ${queueName} put+get+dsp+browse+get access for user ${appUser}.
This way you can set the authority! Hope this helps you.
Regards,
Vivek Meshram
EAI Consultant
Singapore
bpolimera
Posted: Wed Apr 24, 2002 7:28 pm
Novice
Joined: 22 Apr 2002 Posts: 14
Vivek,
Thanks much for the reply.
You mentioned about granting access to QM and Queue using
setmqaut command. I want to set up userid/password validation
between the applications on the two QMs. Let me describe the
scenario in detail.
I have an application A1 running on QM1. This application A1
requests services from application A2 running on QM2 by putting
a request message on to QM2.Q2. Here, I want to impose the
restriction that any program (external to QM2) can put messages
on to QM2.Q2 only if they provide a valid userid/password.
I read in some MQSeries documentation that you can set up USERID/MCAUSERID
at channels for communication between QMs. If I understand correctly,
MQSeries is validating messages based on just the UserName/verifying
that the userName on a remote machine belongs to a specific group on
local machine. But, I feel that this level of security is not good enough in
general as I cannot trust the user from some other machine without
checking his password. Maybe I didn't understand this MQ security stuff
correctly.
Please throw some light..
Thanks again,
Balaji.
oz1ccg
Posted: Thu Apr 25, 2002 1:30 am
Yatiri
Joined: 10 Feb 2002 Posts: 628 Location: Denmark
Hi Balaji,
The only way today (might be changed in version 5.3, there is a lot of SSL and other security stuff) is to code it yourself or buy a solution from an ISV.
Today WebSphere MQ (prior to 5.3) only checks that the userid and/or MCAUSERID is known, depending on your setup.
A way might be placing the password in the MQMD in encrypted format and letting the receiving application do the password check after receiving the data. But this approach requires a safe application design, so you can ensure that no unauth data will be dropped.
_________________ Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT.
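The receiver-side check described in oz1ccg's reply above, as an added example that is not part of the original thread: it swaps the encrypted password for an HMAC-SHA256 tag computed with a per-sender shared secret, so no password travels with the message. The dict fields (`userid`, `msg_id`, `body`, `tag`), the key table and the sample messages are assumptions standing in for what application A2 would read from QM2.Q2; no MQ API is called.

```python
import hashlib
import hmac

# Constructed per-sender secrets, shared out of band (hypothetical values).
SENDER_KEYS = {"app_a1": b"constructed-demo-secret-for-a1"}
_DUMMY_KEY = b"\x00" * 32  # used for unknown senders so the work done stays uniform


def make_tag(key: bytes, userid: str, msg_id: str, body: bytes) -> str:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries cannot shift."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in (userid.encode(), msg_id.encode(), body):
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.hexdigest()


def receive(messages, seen_ids=None):
    """Split incoming messages into (accepted, rejected); only accepted ones
    may reach the business logic of the receiving application (A2)."""
    seen_ids = set() if seen_ids is None else seen_ids
    accepted, rejected = [], []
    for msg in messages:
        userid = msg.get("userid", "")
        key = SENDER_KEYS.get(userid, _DUMMY_KEY)
        expected = make_tag(key, userid, msg.get("msg_id", ""), msg.get("body", b""))
        known = userid in SENDER_KEYS
        tag_ok = hmac.compare_digest(expected, str(msg.get("tag", "")))  # constant time
        fresh = msg.get("msg_id") not in seen_ids  # refuse replays of a valid message
        if known and tag_ok and fresh:
            seen_ids.add(msg["msg_id"])
            accepted.append(msg)
        else:
            rejected.append(msg)  # e.g. move to a reject queue and log; never process
    return accepted, rejected


def sample_messages():
    """Constructed sample traffic as A2 might read it from QM2.Q2."""
    key = SENDER_KEYS["app_a1"]
    good = {"userid": "app_a1", "msg_id": "m-001", "body": b"GET_BALANCE 42"}
    good["tag"] = make_tag(key, "app_a1", "m-001", good["body"])
    tampered = dict(good, msg_id="m-002", body=b"GET_BALANCE 43")  # old tag, new body
    unknown = {"userid": "intruder", "msg_id": "m-003", "body": b"x", "tag": "00" * 32}
    replayed = dict(good)  # same msg_id presented a second time
    return [good, tampered, unknown, replayed]
```

Only the first message is accepted; the tampered, unknown-sender and replayed ones land in the rejected list, and the receiving application keeps them away from its business logic.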
bpolimera
Posted: Thu Apr 25, 2002 8:15 am
Novice
Joined: 22 Apr 2002 Posts: 14
Jorgen,
You answered my question. Thanks very much!
So, as of MQ5.2 the application has to have the logic to
do userid/password validation.
Best Regards,
Balaji.
sys1mtm
Posted: Fri May 03, 2002 6:44 am
Newbie
Joined: 11 Apr 2002 Posts: 3
Do you know where I can find any GOOD samples of a security exit program written for an AS/400 server?
Thanks!!
mrlinux
Posted: Mon May 06, 2002 4:03 am
Grand Master
Joined: 14 Feb 2002 Posts: 1261 Location: Detroit,MI USA
Well, WebSphere MQ v5.3 is coming out soon and it supports SSL; if you can put it off until either Jun or Oct, then you won't need the security exit.
_________________ Jeff
IBM Certified Developer MQSeries
IBM Certified Specialist MQSeries
IBM Certified Solutions Expert MQSeries