runmqccred (obfuscate passwords for mqccred exit)
Obfuscate passwords in the .ini file used by the mqccred security exit.
Purpose
Use the runmqccred command to process the mqccred exit
.ini file to change all plain text passwords into an obfuscated form. This
command should be run before using the .ini
with the exit to ensure the exit runs
successfully.
Syntax
Optional Parameters
- -f
- Specify a specific file to edit, other than the default file.
By default, the program locates the
.ini
file in the same way as the channel exit. - -p
- By default the program fails with an error, if the filemode enables others to access the file you edited.
Usage notes
The runmqccred program locates the ini file in the same way as the channel exit. The program also writes console messages saying which file is being modified, and any success or failure status.
Note that the channel exit can work with either Password or OPW attributes, but the expectation is that you will protect passwords.
.ini
file manually to a system running a previous version if you want to use
clients there. By default the exit only works when there are no plain text passwords in the file. You can override this by using the NOCHECKS SCYDATA option.
The runmqccred program also checks that the .ini file does not have excessive permissions set that allow other users to access it. By default the program fails with an error if the filemode enables others to access it. Use the -p flag to continue processing even when the error appears.
- AIX® and Linux®
- The MQ_INSTALLATION_PATH/usr/mqm/samp/mqccred/
- Windows platforms
- The MQ_INSTALLATION_PATH\Tools\c\Samples\mqccred\
Configuration file 'C:\Users\User1\.mqs\mqccred.ini' is not secure.
Other users may be able to read it. No changes have been made to the file.
Use the -p option for runmqccred to bypass this error.
File 'C:\Users\User1\.mqs\mqccred.in' processed successfully.
Plaintext passwords found: 3