I would like to authenticate the user against the MQ Series before the user places the queue message in the queue manager. I am using the IBM MQ Series V7. I would like to know how the authentication and key certificate work in terms of validation. It will be great if I can get any helpful links on the same.

+1  A: 

These might be of some help...
Mission:Messaging: Scripted WebSphere MQ key file management for UNIX and Windows http://bit.ly/3L1nja
Mission:Messaging: Planning for SSL on the WebSphere MQ network http://bit.ly/3loir

The key is that you authenticate using SSL and SSLPEER or an exit. But the user can still present any ID and it is accepted. You enforce the authentication against a particular user ID by placing the ID in the MCAUSER field of the channel. If it's a channel with only one authorized user, hard code this. If the channel has many authorized users, use an exit such as BlockIP2 from http://mrmq.dk to map the SSL DN to an ID and set the MCAUSER at connect time. Make sure, if you use the exit, to set MCAUSER in the channel definition to 'nobody' so that if the exit is misconfigured the channel will fail safe instead of wide open.

See my Hardening WebSphere MQ Security presentation at http://t-rob.net/links for additional details.

T.Rob
http://bit.ly/3loir this link helped to solve the problem. Thanks for your help on this.
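
The channel settings described in the answer, written out as MQSC. This is an added example, not part of the original answer: the channel names, DN values, the `app1svc` ID and the cipher spec are assumptions, and the security-exit name is a placeholder to be filled in from the exit's own documentation.

```mqsc
* Added example. Channel names, DNs and the service ID are constructed.

* Weak: the client certificate is validated, but MCAUSER is blank, so the
* channel runs under whatever user ID the client presents.
DEFINE CHANNEL('APP1.WEAK.SVRCONN') CHLTYPE(SVRCONN) TRPTYPE(TCP) +
       SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA) +
       SSLCAUTH(REQUIRED) +
       SSLPEER('CN=app1,O=Example Corp') +
       MCAUSER(' ') +
       REPLACE

* One authorized user: SSLPEER pins the certificate DN and the ID is
* hard coded in MCAUSER, so the ID presented by the client is ignored.
DEFINE CHANNEL('APP1.SVRCONN') CHLTYPE(SVRCONN) TRPTYPE(TCP) +
       SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA) +
       SSLCAUTH(REQUIRED) +
       SSLPEER('CN=app1,O=Example Corp') +
       MCAUSER('app1svc') +
       REPLACE

* Many authorized users: a security exit maps the SSL DN to an ID and
* sets MCAUSER at connect time. The definition itself carries 'nobody',
* so a misconfigured or missing exit leaves the channel unusable
* rather than open.
DEFINE CHANNEL('APPS.SVRCONN') CHLTYPE(SVRCONN) TRPTYPE(TCP) +
       SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA) +
       SSLCAUTH(REQUIRED) +
       SSLPEER('O=Example Corp') +
       MCAUSER('nobody') +
       SCYEXIT('<exit library>(<entry point>)') +
       REPLACE

* Check what is actually in force on every channel.
DISPLAY CHANNEL(*) SSLCIPH SSLCAUTH SSLPEER MCAUSER SCYEXIT
```

In the `DISPLAY CHANNEL` output, any inbound channel with a blank MCAUSER and no exit is one where the asserted ID is accepted as-is.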