We’ve chosen to make use of the MQ V8 feature Connection Authentication and supply a user ID and password when we connect to the queue manager.
The steps below show how to implement this feature in MQ V8:
- Create a queue manager called TEST
- Start Queue Manager TEST
- runmqsc TEST
- DEFINE LISTENER(TCP.1414) TRPTYPE(TCP) PORT(1414) CONTROL(QMGR)
- START LISTENER(TCP.1414)
- DEFINE CHANNEL(PRIVILEGED.SVRCONN) CHLTYPE(SVRCONN)
- SET CHLAUTH(PRIVILEGED.SVRCONN) TYPE(BLOCKUSER) USERLIST('nobody') DESCR('Allow privileged users on this channel')
- SET CHLAUTH('*') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(NOACCESS) DESCR('BackStop rule')
- SET CHLAUTH(PRIVILEGED.SVRCONN) TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL) CHCKCLNT(REQUIRED)
- ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
- REFRESH SECURITY TYPE(CONNAUTH)
We have defined a server-connection channel called PRIVILEGED.SVRCONN for connecting to the TEST queue manager.
The BLOCKUSER rule on this channel blocks only the user 'nobody', which allows a privileged user to come through on the channel.
The BackStop rule stops any remote connection from attaching to the queue manager unless a more specific rule, such as the ADDRESSMAP rule for PRIVILEGED.SVRCONN, allows it.
CHCKCLNT(REQUIRED) mandates that all connections on the channel supply a valid user ID and password.
AUTHTYPE(IDPWOS) indicates that the queue manager uses the local operating system to authenticate the user ID and password.
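The following check is an added example, not part of the original post or of IBM MQ: it audits an MQSC script for the settings described above before the script is fed to runmqsc, and flags typographic quotes picked up when commands are copied from a web page. The `parse` and `audit` helpers and the one-command-per-line input are assumptions of this sketch.

```python
import re

# Constructed sample: the MQSC commands from the steps above, typed with ASCII quotes.
SAMPLE_MQSC = """\
DEFINE CHANNEL(PRIVILEGED.SVRCONN) CHLTYPE(SVRCONN)
SET CHLAUTH(PRIVILEGED.SVRCONN) TYPE(BLOCKUSER) USERLIST('nobody')
SET CHLAUTH('*') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(NOACCESS)
SET CHLAUTH(PRIVILEGED.SVRCONN) TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL) CHCKCLNT(REQUIRED)
ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
REFRESH SECURITY TYPE(CONNAUTH)
"""

CURLY = "\u2018\u2019\u201c\u201d"  # typographic quotes picked up when copying from a web page
KEYWORD = re.compile(rf"([A-Z]+)\(\s*['{CURLY}]?([^'{CURLY})]*)['{CURLY}]?\s*\)")

def parse(line):
    """Return (verb, {KEYWORD: value}) for one command; upper-cased, quotes stripped."""
    text = line.strip().lstrip("- ").upper()
    return text.split(" ", 1)[0], dict(KEYWORD.findall(text))

def audit(script, channel):
    """Return a list of findings; an empty list means every check passed."""
    findings, cmds = [], []
    for n, line in enumerate(script.splitlines(), 1):
        if re.search(f"[{CURLY}]", line):
            findings.append(f"line {n}: typographic quote; MQSC strings use ASCII '")
        cmds.append((n, *parse(line)))
    maps = [kw for _, verb, kw in cmds if verb == "SET" and kw.get("TYPE") == "ADDRESSMAP"]
    if not any(m.get("CHLAUTH") == "*" and m.get("ADDRESS") == "*"
               and m.get("USERSRC") == "NOACCESS" for m in maps):
        findings.append("no backstop rule CHLAUTH('*') ADDRESS('*') USERSRC(NOACCESS)")
    if not any(m.get("CHLAUTH") == channel.upper() and m.get("CHCKCLNT") == "REQUIRED"
               for m in maps):
        findings.append(f"{channel}: no ADDRESSMAP rule with CHCKCLNT(REQUIRED)")
    auth = [(n, kw) for n, verb, kw in cmds if verb == "ALTER" and "AUTHINFO" in kw]
    if not any(kw.get("AUTHTYPE") == "IDPWOS" and kw.get("ADOPTCTX") == "YES"
               for _, kw in auth):
        findings.append("no ALTER AUTHINFO with AUTHTYPE(IDPWOS) ADOPTCTX(YES)")
    refresh = [n for n, verb, kw in cmds if verb == "REFRESH" and kw.get("TYPE") == "CONNAUTH"]
    if auth and not any(n > auth[-1][0] for n in refresh):
        findings.append("no REFRESH SECURITY TYPE(CONNAUTH) after ALTER AUTHINFO")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MQSC, "PRIVILEGED.SVRCONN") or ["all checks passed"]:
        print(finding)
```

The refresh check matters because a changed AUTHINFO object only takes effect after REFRESH SECURITY TYPE(CONNAUTH) or a queue manager restart.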
To test this, create a user called test1 in the mqm group.
Enter the channel info below in rfhutilc to connect to the queue manager.
Supply the user ID and password for connecting to PRIVILEGED.SVRCONN in Set Conn Id, then click MQConn to connect.
We can see the message below in rfhutilc for a successful connection.