IBM Support

MQ Security Notes 4, remote access to Administrators, back stop CHLAUTH, MCAUSER, wildcards in setmqaut, long userids, and long passwords

White Papers


Abstract

This article discusses several topics regarding MQ Security: remote access to Administrators, back stop CHLAUTH, MCAUSER, wildcards in setmqaut, long userids, and long password.

Content

List of scenarios:
 1: Configuration of the servers
 2: Allowing remote access to MQ Administrators (for Testing) by disabling the feature of channel authentication records (no password was provided)
 3: Allowing remote access to MQ Administrators (for Testing) by disabling the feature of channel authentication records (valid password was provided)
 4: Allowing remote access to MQ Administrators (for Testing) by disabling the feature of channel authentication records (incorrect password was provided)
 5: Removing requirement for MQ Administrators to provide valid password (for Testing)
 6: Allowing remote access to MQ Administrators (for Testing) to SYSTEM.ADMIN.SVRCONN by adding channel authentication records for all hosts
 7: Allowing remote access to MQ Administrators (for Testing) by adding  channel authentication records for only one host
 8: How to remove channel authentication records 
 9: Incomplete setup of CHLAUTH for non-system server-connection channels
10: Complete setup of CHLAUTH for non-system server connection channels – using back stop rule
11: Using CHLAUTH with a mapping to an existing user, to avoid the need to create many users in the server of the queue manager
12: Bad security practice of using MCAUSER(mqm) in channels in PRODUCTION queue managers
13: Example of using MCAUSER(bob) in a server-connection channel
14: Using Wildcards in setmqaut for a set of queues
15: MQCSP can be used to allow userids and passwords that are longer than 12 characters
16: MQ Administrator userids CANNOT longer than 12 characters (cannot use MQCSP).

 
+ Audio MP3:
The following 3 MP3 files contain Part 1, Part 2, and Part 3 of the recording of the presentation (15-Apr-2021).
+++ end +++

[{"Type":"SW","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"ARM Category":[{"code":"a8m0z00000008QDAAY","label":"Security->Authorization"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
19 April 2021

UID

ibm16443421