Password Exit Issue

Mike Cianciulli (Newbie; Joined: 22 May 2002; Posts: 1)
Posted: Wed May 22, 2002 10:06 am Post subject: Password Exit Issue
I currently have an NT based application that is using a password authentication for access to MQ objects on OS/390. At some point something has gone amok. The password authentication is working fine. Users can even change expired passwords.
The problem I noticed while we were testing data sharing was the authenticated user IS NOT being checked for access to MQ objects. The only ID being checked is the CHININIT userid. This is a problem because the CHININIT basically has access to all objects.
We tried playing with the RESLEVEL profiles but had no luck. We are now thinking the problem may be with the exit itself. Is it possible something in the PC application could cause this type of problem?
In any event, I want to look at the exit but my Assembler is pretty lame. Is there anywhere where I can find some sample code?
Thanks

oz1ccg (Yatiri; Joined: 10 Feb 2002; Posts: 628; Location: Denmark)
Posted: Wed May 22, 2002 1:46 pm
Well, that's right, there is no check of userid/password in MQSeries on OS/390 up to version 5.2, if it comes in version 5.3??
You have to write two exits, one for the NT world which will be able to pass the password over to the OS/390 world.
And on OS/390 it's the same, write an exit; this must consist of two pieces, one that is unauthorized, and one that is authorized.
There is a support pack, MS13, which incorporates the OS/390 side:
http://www-3.ibm.com/software/ts/mqseries/txppacs/ms13.html
I've tried the solution, but it might give you a small problem, like allowing people to use FTP, and then they can try a wrong password 4 times and the user will be revoked... If some Mrs. BlackHat knows your userid naming convention, Mrs. BlackHat will be able to revoke your site nice and easy (of course she will also need the channel_name, Qmgr_name and connection name).
What I did was create a table with channel name and userid, so I could control which user was allowed to use which channel, and only after this verification, request a password check.... This gives Mrs. BlackHat hard times....
_________________
Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT.
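
The channel/userid table check described in the reply above, sketched in C as an added example; it is not code from the thread, from MS13 or from any poster's exit. The table contents, the `verify_password` stand-in, the function names and the blank-padded field widths (20 bytes for the channel name, 12 for the userid) are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample table: which userid may authenticate on which channel. */
struct chl_user { const char *channel; const char *userid; };
static const struct chl_user allowed[] = {
    { "NT.APP1.SVRCONN", "APPUSR1" },
    { "NT.APP2.SVRCONN", "APPUSR2" },
};

/* Hypothetical stand-in for the security manager's password check.
   Every failed call counts toward revoking the userid. */
static int failed_attempts = 0;
static int verify_password(const char *userid, const char *password)
{
    (void)userid;
    if (strcmp(password, "correct-horse") == 0) return 1; /* constructed secret */
    failed_attempts++;
    return 0;
}
int failed_count(void) { return failed_attempts; }

/* Compare a blank-padded fixed-width field with a NUL-terminated table entry. */
static int field_eq(const char *field, size_t width, const char *entry)
{
    size_t n = strlen(entry);
    if (n > width || memcmp(field, entry, n) != 0) return 0;
    for (size_t i = n; i < width; i++)
        if (field[i] != ' ') return 0;   /* longer name that shares the prefix */
    return 1;
}

/* Returns 1 to accept the connection, 0 to close the channel. */
int authorize(const char *channel, const char *userid, const char *password)
{
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (field_eq(channel, 20, allowed[i].channel) &&
            field_eq(userid, 12, allowed[i].userid))
            return verify_password(allowed[i].userid, password);
    return 0;   /* pair not in table: reject before any password check */
}

int main(void)
{
    char ch[20], id[12];
    memset(ch, ' ', sizeof ch); memcpy(ch, "NT.APP1.SVRCONN", 15);
    memset(id, ' ', sizeof id); memcpy(id, "SOMEONE", 7);  /* not in table */
    for (int i = 0; i < 5; i++) authorize(ch, id, "guess");
    printf("failed password checks: %d\n", failed_count());
    return 0;
}
```

Wrong passwords for a pair that is in the table still reach the password check and count toward revocation, so the table narrows the exposure to listed channel/userid pairs rather than removing it.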