Implementing MQ channel security in MQ V8 - Perficient Blogs
Blog
  • Topics
  • Industries
  • Partners

Explore

Topics

Industries

Partners

Implementing MQ channel security in MQ V8

We’ve chosen to make use of the MQ V8 feature Connection Authentication and supply a user ID and password when we connect to the queue manager.

Below script depicts how to implement this feature MQ V8

  1. Create Queue Manger called TEST

crtmqm TEST

  1. Start Queue Manager TEST

strmqm TEST

  1. runmqsc TEST
  2. DEFINE LISTENER(TCP.1414) TRPTYPE(TCP) PORT(1414) CONTROL(QMGR)
  3. START LISTENER(TCP.1414)
  4. DEFINE CHANNEL(PRIVILEGED.SVRCONN) CHLTYPE(SVRCONN)
  5. SET CHLAUTH(PRIVILEGED.SVRCONN) TYPE(BLOCKUSER) USERLIST(‘nobody’) DESCR(‘Allow privileged users on this channel’)
  6. SET CHLAUTH(‘*’) TYPE(ADDRESSMAP) ADDRESS(‘*’) USERSRC(NOACCESS) DESCR(‘BackStop rule’)
  7. SET CHLAUTH(PRIVILEGED.SVRCONN) TYPE(ADDRESSMAP) ADDRESS(‘*’) USERSRC(CHANNEL) CHCKCLNT(REQUIRED)
  8. ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
  9. REFRESH SECURITY TYPE(CONNAUTH)

We have defined server connection channel called PRIVILEGED.SVRCONN to connect to TEST Queue Manager.

CHLAUTH rule to allow a privileged user to be able to come through on this channel.

BackStop rule has the effect of stopping any remote connections from being able to attach to the queue manager.

CHCKCLNT(REQUIRED) mandates that all connections must supply a valid user id and password

AUTHTYPE(IDPWOS) Indicates that the queue manager uses the local operating system to authenticate the user ID and password.

To test this create user called test1 to under mqm group

Enter below channel info in rfhutilc to connect to Queue manager

PRIVILEGED.SVRCONN/TCP/X.X.X.X(1414)

Supply userid and password to connect to the PRIVILEGED.SVRCONN in Set Conn Id and click on MQConn to connect.

We can see below message in Rfhutilc for successful connection.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to the Weekly Blog Digest:

Sign Up

Categories