发表新帖
发表新帖

Provide anonymous access to IBM WebSphere MQ

前端 未结
关注
1 1748
天涯浪人
天涯浪人 2021-01-14 23:26

I am new to IBM WebSphere MQ. I am running it within a docker container. The user \'sampleuser\' and \'root\' are part of

相关标签:
1条回答
  • 长情又很酷
    2021-01-15 00:10

    I will assume you are using a supported version of MQ (7.1 or later).

    With MQ 7.1 and later a new queue manager by default will come with a few CHLAUTH rules, one of these disables connections to SVRCONN channels from users with MQ administrative authority. In this case you have placed the user sampleuser in the MCAUSER of the channel. Since sampleuser is a member of the mqm group it is disallowed by default.

    Based on the setup you present if the connection was allowed you would be allowing any user that can connect over the network to your MQ listener port the ability to manage the queue manager, define queues, delete queues, add permissions, etc.

    Look at this answer by T.Rob for some more detail on how to make this work without disabling security "Unable to connect to queue manager in WebSphere MQ 7.1".

    I also have another post with some similar information "C# MQ Connect get Error 2035 but Java MQ Connect works well"

    Update #1

    The logs show that you are getting a connection authentication error. With MQ 8.0 and later by default the queue manager is configured to require a valid password be specified for MQ Administrative users, since sampleuser is part of the mqm group it falls into this category.

    You can configure MQ Explorer to send a username and password when connecting to the queue manager.

    1. Right click the queue manager name
    2. Select Connection Details
    3. Select Properties...
    4. Select Userid
    5. Check the box next to "Enable user identification"
    6. Fill in the Userid field
    7. If you leave it as "Prompt for password" it will ask you each time you open MQ Explorer for the password when you attempt to connect to the queue manager. You have the option of selecting "Use saved password" and then providing the password.

    I do not recommend you do this, but if you want to disable security and allow anyone to connect as a MQ administrator to your queue manager with out providing a valid password you can disable this with the following command. 

    ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) CHCKCLNT(OPTIONAL)
REFRESH SECURITY TYPE(CONNAUTH)
    0 讨论(0)
 看不清?
提交回复
热议问题