Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Websphere MQ v8 - MQRC_NOT_AUTHORIZED - 2035

I am testing WebSphere on local for development purposes and now i wanted to move to new PC. But i dont remember exactly how i get rid of that error in title. I know there are tons of posts about this error since introduction MQ 7.1 how to disabled security. I remember last time i did runmqsc.exe QM_name -> ALTER CHLAUTH(DISABLED). But its not working anymore?! What else i need to change so anyone can connect to queue?

> DIS QMGR CHLAUTH
>      2 : DIS QMGR CHLAUTH AMQ8408: Display Queue Manager details. 
>  QMNAME(QueueManager1)                   CHLAUTH(DISABLED)

Thanks.

like image 705
JIV Avatar asked Sep 18 '14 11:09

JIV


2 Answers

Ok so i found it! ALTER CHLAUTH(DISABLED) is not enough, you have to remove Connection Authentification as well (QM properties -> Extended)

like image 183
JIV Avatar answered Sep 28 '22 05:09

JIV


WebSphere MQ V7.1 introduced CHLAUTH rules which by default banned remote access by privileged users. To turn off CHLAUTH you are correct that you can issue

ALTER QMGR CHLAUTH(DISABLED)

However, you could also very simply allow yourself access on a particular channel as described in CHLAUTH - Allow some privileged admins.

IBM MQ V8 introduced Connection Authentication which default demands a password to authenticate a remote privileged user. To make this OPTIONAL (as it is for non-privileged users) you can issue

ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS)
      CHCKCLNT(OPTIONAL)

rather than turning it off completely with

ALTER QMGR CONNAUTH(' ')

After either of these commands you'll need to issue the following command for the queue manager to be aware of your changes.

REFRESH SECURITY TYPE(CONNAUTH)

You mention that this is for development purposes which is fair enough, but remember to turn these features on so that you can make your queue manager secure when using it in production!

Also, remember that the queue manager error log will provide you with details about why your application got the 2035, for example, "Channel is Blocked" for CHLAUTH and "Missing password" for CONNAUTH.

like image 42
Morag Hughson Avatar answered Sep 28 '22 04:09

Morag Hughson