Understanding CHLAUTH
Mangesh1187
Posted: Wed Mar 30, 2016 5:27 am Post subject: Understanding CHLAUTH
Centurion
Joined: 23 Mar 2013 Posts: 116
I am trying to understand the CHLAUTH feature.
I have MQ 7.5 (Windows), Queue Manager: QM5, SVRCONN channel: CHL1 (without SSL).
Scenario 1: Try to connect using CHL1 from MQ Explorer from my local machine. It should reject the connection, as CHLAUTH is enabled.
> As expected, the connection was rejected.
Scenario 2: To allow channel CHL1 only to connect to QM5 for MQ ADMIN tasks using MQ Explorer.
> I have executed the below in QM5:
SET CHLAUTH(CHL1) TYPE(USERMAP) CLNTUSER(my_name) MCAUSER('mqadmin')
> Tried connecting from MQ Explorer. As expected, I was able to connect.
Scenario 3: To disallow connection from my MQ Explorer on the same machine from which I tested the above scenario.
> I have executed the below:
SET CHLAUTH(CHL1) TYPE(ADDRESSMAP) ADDRESS('my_machine_address') USERSRC(NOACCESS)
> Tried again from MQ Explorer. But I am still able to connect, where I was expecting that I should not be able to connect.
> I can see CHL1 is running with the same IP address which I have given in the ADDRESS parameter above.
Anything I am missing here?
hughson
Posted: Wed Mar 30, 2016 10:59 am Post subject:
Padawan
Joined: 09 May 2013 Posts: 1959 Location: Bay of Plenty, New Zealand
If I'm understanding your question correctly, you are making two different connections from the same machine? Is this correct? What is different about the two connections that you intend the CHLAUTH rules to use to differentiate between them and let one in, but disallow the other? Is it that one runs using CLNTUSER(my_name) and the other does not?
If you are unsure how each connection is reflected at the queue manager in terms of the fields CHLAUTH checks, here is something to try. Starting as you did without the new CHLAUTH rule in place, where both channel connections are blocked, run each connection attempt and then look in the queue manager's error log to see the 'Channel is blocked' error message. This will show you what all the fields checked by CHLAUTH are. You can then see how to build a rule that can allow one in and disallow the other. If you are still unsure, post the results of what you find back on here.
P.S. Please ensure you have a backstop rule in place (see https://www.ibm.com/developerworks/community/blogs/aimsupport/entry/websphere_mq_chlauth_the_back_stop_rule)
Cheers
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
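
A complementary check to reading the error log, as an added example that is not part of either post: ask the queue manager which CHLAUTH record it would select for a given set of connection values. The address 192.0.2.10 and the user other_user are placeholders assumed here; CHL1, QM5 and my_name come from the question.

```mqsc
* Added example. Run inside: runmqsc QM5
* 192.0.2.10 and other_user are placeholders, not values from the thread.

* 1. List every record that can apply to CHL1, including generic
*    profiles such as '*' (this is where a backstop rule shows up).
DISPLAY CHLAUTH('CHL1') MATCH(ALL) ALL

* 2. Ask which single record would be used at runtime for a client
*    that connects from 192.0.2.10 and asserts the user ID my_name.
*    MATCH(RUNCHECK) needs a specific ADDRESS plus CLNTUSER or QMNAME.
DISPLAY CHLAUTH('CHL1') MATCH(RUNCHECK) +
        ADDRESS('192.0.2.10') CLNTUSER('my_name')

* 3. Repeat for the same address with a different client user ID.
DISPLAY CHLAUTH('CHL1') MATCH(RUNCHECK) +
        ADDRESS('192.0.2.10') CLNTUSER('other_user')

* How to read the results: when more than one record matches, the
* queue manager uses the most specific one. A record that matches on
* the client user ID (TYPE(USERMAP)) ranks above a record that matches
* on the IP address alone (TYPE(ADDRESSMAP)). With the two records
* from the question in place, step 2 returns the USERMAP record and
* step 3 returns the ADDRESSMAP record with USERSRC(NOACCESS).
```

Unquoted values in MQSC are folded to upper case, so quote CLNTUSER and MCAUSER values whose case matters.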