Posted: Thu May 03, 2018 3:34 pm Post subject: MQ security question
Novice
Joined: 06 Feb 2017 Posts: 19
Hi,
I am upgrading a queue manager that supports 2000+ client connections from remote desktops. There is no central LDAP and the desktop users are not defined on the MQ server.
The existing server has a few lines commented out in the mq.ini file that allow the MQCONN calls to establish a SVRCONN channel and put and get messages. No need for TLS as its an internal network and banks have good firewalls javascript:emoticon('')
Are there any OOTB MQ options for the new infrastructure to support authorisation and authentication via a M/A client certificate handshake and still leave the MQMD.UserIdentifier as the value the client identified for the message?
The only option I can see that would work is an exit to grab the identified CLNTUSER and store it elsewhere in the MQMD. The IIB message flow could reinstate the user later in the process before it gets to zOS/CICS where it is needed in the MQMD.
Any better suggestions? Of should we just wait for a group wide LDAP.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum