runmqccred (obfuscate passwords for mqccred exit)
Obfuscate passwords in the .ini
file used by the mqccred security exit.
Purpose
Use the runmqccred command to process the mqccred exit .ini
file to change all plain text passwords into an obfuscated form. This command should be run before using the .ini
with the exit to ensure the exit runs successfully.
Syntax
Optional Parameters
- -f
- Specify a specific file to edit, other than the default file.
By default, the program locates the
.ini
file in the same way as the channel exit. - -p
- By default the program fails with an error, if the filemode enables others to access the file you edited.
Usage notes
The runmqccred program locates the ini file in the same way as the channel exit. The program also writes console messages saying which file is being modified, and any success or failure status.
Note that the channel exit can work with either Password or OPW attributes, but the expectation is that you will protect passwords.
.ini
file manually to a system running a previous version if you want to use clients there. By default the exit only works when there are no plain text passwords in the file. You can override this by using the NOCHECKS SCYDATA option.
The runmqccred program also checks that the .ini
file does
not have excessive permissions set that allow other users to access it. By default the program fails
with an error if the filemode enables others to access it. Use the -p flag to
continue processing even when the error appears.
- Windows platforms
- The <installation directory>\Tools\c\Samples\mqccred\
- UNIX platforms
- The <installation directory>/usr/mqm/samp/mqccred/
Configuration file 'C:\Users\User1\.mqs\mqccred.ini' is not secure.
Other users may be able to read it. No changes have been made to the file.
Use the -p option for runmqccred to bypass this error.
File 'C:\Users\User1\.mqs\mqccred.in' processed successfully.
Plaintext passwords found: 3