Re: OAM and Security Exits
>every single MQ client users cannot be a user on the server You would use the security exit to map from the real client identity to the userid with whose authority you want then to run under, and plug MCAUSER with that value. David Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Re: OAM and Security Exits
In my scenario, every single MQ client users cannot be a user on the server machine. Is it possible for me to use OAM ? Thanks Usha At 01:45 PM 2/24/2004 -0500, you wrote: well, if all of your authorized clients have access to all queues, there's no problem. But if this is not the case, then using the facilities of the OAM are in order. The Security Exit should (could) set the MCAUSER field corresponding to the clients authority (as per OAM settings). Usha Suryadevara <[EMAIL PROTECTED]To: [EMAIL PROTECTED] .COM>cc: Sent by: MQSeries Subject: OAM and Security Exits List <[EMAIL PROTECTED] n.AC.AT> 02/24/2004 01:25 PM Please respond to MQSeries List Hi all, Does using Security Exits and OAM (on the QM) together buy us anything ? If i have a security exit running on the QueueManager, the QueueManager is protected right ? No third party user can get to my QueueManager unless and until their client code initiates the security exit on the client side which then talks to the server side security exit in order to establish a connection. Btw, the scenario i am looking at is a windows client server environment and both MQ series client and server are at version 5.3. Thanks Usha Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of J.P. Morgan Chase & Co., its subsidiaries and affiliates. Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Re: OAM and Security Exits
Thanks for all the reply's guys. Ok, so it is important that i use OAM. Please help me understand few things here. So OAM by default validates the user id on * MQMD.UserIdentifier or * windows OS userid or *MCAUserIdentifier ? Also how do i install this service back. Because i had deleted the service when i created my QueueManager. Does adding the AuthorizationService back on the QueueManager and restarting the QueueManager Service mean i installed the OAM ? Thanks Usha At 01:47 PM 2/24/2004 -0500, you wrote: Usha, The Security Exit can be used to prevent unauthorized use of the channel connecting to the Queue Manager, where the OAM would be used to protect the actual MQ resources (i.e. Queues). With the OAM you can prevent people from accessing the messages in the queues locally, without using distributed queuing and channels. Barry D. Lamkin Senior Solutions Architect Candle Corporation |-+---> | | Usha Suryadevara| | | <[EMAIL PROTECTED]| | | L.COM> | | | Sent by:| | | MQSeries List | | | <[EMAIL PROTECTED]| | | EN.AC.AT> | | | | | | | | | 02/24/2004 01:25| | | PM | | | Please respond | | | to MQSeries List| | | | |-+---> > > --| | > | |To: [EMAIL PROTECTED] | |cc: | | Subject: OAM and Security Exits | > >- >-- | Hi all, Does using Security Exits and OAM (on the QM) together buy us anything ? If i have a security exit running on the QueueManager, the QueueManager is protected right ? No third party user can get to my QueueManager unless and until their client code initiates the security exit on the client side which then talks to the server side security exit in order to establish a connection. Btw, the scenario i am looking at is a windows client server environment and both MQ series client and server are at version 5.3. Thanks Usha Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Re: OAM and Security Exits
Usha, The Security Exit can be used to prevent unauthorized use of the channel connecting to the Queue Manager, where the OAM would be used to protect the actual MQ resources (i.e. Queues). With the OAM you can prevent people from accessing the messages in the queues locally, without using distributed queuing and channels. Barry D. Lamkin Senior Solutions Architect Candle Corporation |-+---> | | Usha Suryadevara| | | <[EMAIL PROTECTED]| | | L.COM> | | | Sent by:| | | MQSeries List | | | <[EMAIL PROTECTED]| | | EN.AC.AT> | | | | | | | | | 02/24/2004 01:25| | | PM | | | Please respond | | | to MQSeries List| | | | |-+---> >---| | | |To: [EMAIL PROTECTED] | |cc: | | Subject: OAM and Security Exits | >---| Hi all, Does using Security Exits and OAM (on the QM) together buy us anything ? If i have a security exit running on the QueueManager, the QueueManager is protected right ? No third party user can get to my QueueManager unless and until their client code initiates the security exit on the client side which then talks to the server side security exit in order to establish a connection. Btw, the scenario i am looking at is a windows client server environment and both MQ series client and server are at version 5.3. Thanks Usha Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Re: OAM and Security Exits
The security exit is just involved in authenticating who the user is who's connecting to the queue manager. OAM is involved in what they can do once they get there. Unless you want to allow everyone to access everything, it would seem that you'll need it. - Bruce Giordano Usha Suryadevara <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] cc: Sent by: MQSeries List Subject: OAM and Security Exits <[EMAIL PROTECTED]> Tuesday February 24, 2004 01:25 PM Please respond to MQSeries List Hi all, Does using Security Exits and OAM (on the QM) together buy us anything ? If i have a security exit running on the QueueManager, the QueueManager is protected right ? No third party user can get to my QueueManager unless and until their client code initiates the security exit on the client side which then talks to the server side security exit in order to establish a connection. Btw, the scenario i am looking at is a windows client server environment and both MQ series client and server are at version 5.3. Thanks Usha Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Re: OAM and Security Exits
well, if all of your authorized clients have access to all queues, there's no problem. But if this is not the case, then using the facilities of the OAM are in order. The Security Exit should (could) set the MCAUSER field corresponding to the clients authority (as per OAM settings). Usha Suryadevara <[EMAIL PROTECTED]To: [EMAIL PROTECTED] .COM>cc: Sent by: MQSeries Subject: OAM and Security Exits List <[EMAIL PROTECTED] n.AC.AT> 02/24/2004 01:25 PM Please respond to MQSeries List Hi all, Does using Security Exits and OAM (on the QM) together buy us anything ? If i have a security exit running on the QueueManager, the QueueManager is protected right ? No third party user can get to my QueueManager unless and until their client code initiates the security exit on the client side which then talks to the server side security exit in order to establish a connection. Btw, the scenario i am looking at is a windows client server environment and both MQ series client and server are at version 5.3. Thanks Usha Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of J.P. Morgan Chase & Co., its subsidiaries and affiliates. Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
OAM and Security Exits
Hi all, Does using Security Exits and OAM (on the QM) together buy us anything ? If i have a security exit running on the QueueManager, the QueueManager is protected right ? No third party user can get to my QueueManager unless and until their client code initiates the security exit on the client side which then talks to the server side security exit in order to establish a connection. Btw, the scenario i am looking at is a windows client server environment and both MQ series client and server are at version 5.3. Thanks Usha Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive