| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| MQ-Client Authentication / Security |
« View previous topic :: View next topic » |
| Author |
Message
|
| tony@work |
 Posted: Sun Feb 23, 2003 5:53 pm Post subject: MQ-Client Authentication / Security |
 |
|
Newbie
Joined: 12 Nov 2001
Posts: 9
Location: Australia
|
Hi,
I am trying to establish what kind of authentication processes are available between a MQ-Client and a MQ-Server.
We currently have pc based application being developed which will connect to a remote MQ-Server via across a MQ-Client connection. There is concern about the nature of this connection method, and people are asking what kind of authentication can take place between the Client and Server?
Our current environment is based on v5.2 of MQSeries, but there are plans to migrate to v5.3, but this won't happen for quite a few months. This eliminates the use of the SSL feature.
I have read chapter 7 of the clients book, and understand that a security exit can be implemented on the servers' receiver channel (our scenario wouldn't have the client exit in use). This would work, but without having any prior knowledge of exits, there are a few blanks to fill ...
- How is the userid/pwd list stored for the exit in this arrangement?
Another solution is to purchase a 3rd party product to perform our requirments, thus eliminating anyone inhouse from building and maintaining a product (exit). I am aware of 1 such product put out by Candle, MQSecure, which will satisfy our situation. Does anyone know of other such MQ Security products that will operate on the Client and Server level?
Has anyone setup such a solution, which would encompass a Win -> AIX environment? Any issues to watch out for?
Thanks ...
Tony. |
|
| Back to top |
|
 |
| mrlinux |
| Posted: Sun Feb 23, 2003 9:22 pm Post subject: |
|
|
Grand Master
Joined: 14 Feb 2002
Posts: 1261
Location: Detroit,MI USA
|
Well by default the userid that is attempting to establish a client connection
must have permission on the server box to access qmgr/queues
_________________
Jeff
IBM Certified Developer MQSeries
IBM Certified Specialist MQSeries
IBM Certified Solutions Expert MQSeries |
|
| Back to top |
|
|
| kolban |
| Posted: Thu Feb 27, 2003 9:34 pm Post subject: |
|
|
Grand Master
Joined: 22 May 2001
Posts: 1072
Location: Fort Worth, TX, USA
|
You will almost certainly need a pair of exits. One runnin at the client and one running at the server. For IBM's MQSeries clients, no password is supplied on an MQ Client connection. What this means is that there is nothing at the server to authenticate.
A client side exit will usually prompt the user to enter a password and this will be sent back to the server for authentication. The authentication of userid and password is not done by MQ nor specified in any way. It is solely the responsibility of the server side exit to perform the authentication. |
|
| Back to top |
|
|
| leongor |
| Posted: Fri Feb 28, 2003 5:30 am Post subject: |
|
|
Master
Joined: 13 May 2002
Posts: 264
Location: Israel
|
Another option is to use third party products like Kerberos or DCE.
They use single sign on and have MQSeries security exits for integration with MQSeries.
_________________
Regards.
Leonid.
IBM Certified MQSeries Specialist. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
