
Implementing MQ channel security in MQ V8

We’ve chosen to make use of the MQ V8 feature Connection Authentication and supply a user ID and password when we connect to the queue manager.

The steps below show how to implement this feature in MQ V8.

  1. Create a queue manager called TEST:

crtmqm TEST

  2. Start queue manager TEST:

strmqm TEST

  3. Open an MQSC session on the queue manager:

runmqsc TEST

  4. Enter the following MQSC commands in that session:

DEFINE LISTENER(TCP.1414) TRPTYPE(TCP) PORT(1414) CONTROL(QMGR)
START LISTENER(TCP.1414)
DEFINE CHANNEL(PRIVILEGED.SVRCONN) CHLTYPE(SVRCONN)
SET CHLAUTH(PRIVILEGED.SVRCONN) TYPE(BLOCKUSER) USERLIST('nobody') DESCR('Allow privileged users on this channel')
SET CHLAUTH('*') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(NOACCESS) DESCR('BackStop rule')
SET CHLAUTH(PRIVILEGED.SVRCONN) TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL) CHCKCLNT(REQUIRED)
ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
REFRESH SECURITY TYPE(CONNAUTH)

We have defined a server-connection channel called PRIVILEGED.SVRCONN to connect to the TEST queue manager.

The BLOCKUSER CHLAUTH rule on PRIVILEGED.SVRCONN, which blocks only the user 'nobody', allows a privileged user to come through on this channel.


The BackStop rule has the effect of stopping any remote connection that is not matched by a more specific rule from attaching to the queue manager.

CHCKCLNT(REQUIRED) mandates that all connections supply a valid user ID and password.

AUTHTYPE(IDPWOS) indicates that the queue manager uses the local operating system to authenticate the user ID and password.
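A small offline check for the CHLAUTH rules above, as an added example that is not part of the original post: it parses SET CHLAUTH lines and flags a missing backstop rule, an admitting ADDRESSMAP rule without CHCKCLNT(REQUIRED), and typographic quotes picked up when commands are copied from a web page. The function names, finding labels and sample input are assumptions made for this example.

```python
import re

# Constructed input: the three CHLAUTH rules from the steps above, straight-quoted.
SAMPLE_MQSC = """\
SET CHLAUTH(PRIVILEGED.SVRCONN) TYPE(BLOCKUSER) USERLIST('nobody') DESCR('Allow privileged users on this channel')
SET CHLAUTH('*') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(NOACCESS) DESCR('BackStop rule')
SET CHLAUTH(PRIVILEGED.SVRCONN) TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL) CHCKCLNT(REQUIRED)
"""

# KEYWORD(value) pairs; the value is either '...' quoted or runs to the next ')'.
ATTR = re.compile(r"(\w+)\(\s*('[^']*'|[^)]*?)\s*\)")
CURLY = re.compile("[\u2018\u2019\u201c\u201d]")


def parse_chlauth(script):
    """Return one {KEYWORD: value} dict per SET CHLAUTH line."""
    rules = []
    for line in script.splitlines():
        if line.strip().upper().startswith("SET CHLAUTH"):
            rules.append({k.upper(): v.strip("'") for k, v in ATTR.findall(line)})
    return rules


def audit(script):
    """Return a list of finding labels; an empty list means the rules pass."""
    findings = []
    if CURLY.search(script):
        # Typographic quotes do not delimit MQSC strings the way ' does.
        findings.append("curly-quotes")
    maps = [r for r in parse_chlauth(script)
            if r.get("TYPE", "").upper() == "ADDRESSMAP"]
    # Backstop: generic channel, generic address, no access.
    if not any(r.get("CHLAUTH") == "*" and r.get("ADDRESS") == "*"
               and r.get("USERSRC", "").upper() == "NOACCESS" for r in maps):
        findings.append("no-backstop")
    for r in maps:
        # Any ADDRESSMAP rule that is not NOACCESS lets connections in.
        admits = r.get("USERSRC", "").upper() != "NOACCESS"
        if admits and r.get("CHCKCLNT", "").upper() != "REQUIRED":
            findings.append("chckclnt-not-required:" + r.get("CHLAUTH", "?"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_MQSC) or ["ok"]:
        print(finding)
```

Run it over the MQSC text before pasting it into runmqsc; an empty result from `audit` means all three checks passed.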

To test this, create a user called test1 in the mqm group.

Enter the channel information below in rfhutilc to connect to the queue manager:

PRIVILEGED.SVRCONN/TCP/X.X.X.X(1414)

Supply the user ID and password for PRIVILEGED.SVRCONN in Set Conn Id, then click MQConn to connect.

Rfhutilc then shows a message confirming the successful connection.
