White Papers
Abstract
This article discusses several topics regarding MQ Security: remote access to Administrators, back stop CHLAUTH, MCAUSER, wildcards in setmqaut, long userids, and long password.
Content
List of scenarios:
1: Configuration of the servers
2: Allowing remote access to MQ Administrators (for Testing) by disabling the feature of channel authentication records (no password was provided)
3: Allowing remote access to MQ Administrators (for Testing) by disabling the feature of channel authentication records (valid password was provided)
4: Allowing remote access to MQ Administrators (for Testing) by disabling the feature of channel authentication records (incorrect password was provided)
5: Removing requirement for MQ Administrators to provide valid password (for Testing)
6: Allowing remote access to MQ Administrators (for Testing) to SYSTEM.ADMIN.SVRCONN by adding channel authentication records for all hosts
7: Allowing remote access to MQ Administrators (for Testing) by adding channel authentication records for only one host
8: How to remove channel authentication records
9: Incomplete setup of CHLAUTH for non-system server-connection channels
10: Complete setup of CHLAUTH for non-system server connection channels – using back stop rule
11: Using CHLAUTH with a mapping to an existing user, to avoid the need to create many users in the server of the queue manager
12: Bad security practice of using MCAUSER(mqm) in channels in PRODUCTION queue managers
13: Example of using MCAUSER(bob) in a server-connection channel
14: Using Wildcards in setmqaut for a set of queues
15: MQCSP can be used to allow userids and passwords that are longer than 12 characters
16: MQ Administrator userids CANNOT longer than 12 characters (cannot use MQCSP).
Was this topic helpful?
Document Information
Modified date:
19 April 2021
UID
ibm16443421