Recording queue manager object access

In this post I’ll talk about a new exit (Installable Service) that can be used with an MQ 9.3 installation for recording queue manager object access requests. It can provide a level of reporting on who is using what, and when. I’ll show what it does, how it does it, and what the limitations are.


An obsolete MQ channel option saved the day

After recovering from a site-wide power failure and restart, something then went wrong with my AIX system so that I could no longer log into it. It seemed that the ssh service had died. And none of the other standard Unix services like telnet were enabled for security reasons. I’ll show how I was able to recover, and how an obsolete MQ channel option saved the day.


This post was last updated on February 24th, 2022 at 11:10 am

Resolving subscription authorisation failures

It never fails to amaze me how often the same question gets asked by different people from different projects at around the same time. This time, I was asked by two people about resolving subscription authorisation failures. I could find lots of information about IBM MQ publish/subscribe, and general descriptions of what security checks are made. But there was not so much on how to use information from the queue manager that can help to deal with the inevitable failures.


This post was last updated on December 13th, 2021 at 01:23 pm

Controlling queue creation

A recent thread on mqseries.net asked about controlling queue creation in MQ. In particular, how to set authorities so that one user can create queues like “ABC…” but not “DEF…”. There are answers given in that thread both on the ability to do it, and the reason why it’s not usually something that’s needed.

In summary, it’s not possible to control it with setmqaut commands. And since queue creation is usually done by administrators, there’s not really any need to restrict it further.

But the thread did remind me of some code I’d written a few years ago while considering the same question as part of a larger piece of work. And so I thought I’d dredge up that PoC and make it a bit more readable. It shows how you can, in fact, implement that level of control on platforms where you can install extensions to the MQ Authorisation interface.
