Re: Domain users requiring access to WBI MB Config Manager

2004-08-03 Thread Wright, Tim (AFM) 
Title: Message



Not
specifically documented but when you configure the connection to the
configuration manager in the toolkit, there is only a security exit option in
the configuration pane. I couldn't find anything in the info center to explain
how you would get the toolkit to use SSL to connect to the configuration
manager. I'll search through the documents again and see if I'm being an idiot (
more than likely )
 
tim

  
  -Original Message-From: Potkay, Peter M
  (ISD, IT) [mailto:[EMAIL PROTECTED] Sent: 03 August
  2004 18:01To: [EMAIL PROTECTED]Subject: Re: Domain
  users requiring access to WBI MB Config Manager
  The
  class I took said it did. Its just a JAVA client connecting to a Queue
  Manager. Is it documented somewhere that it does not allow this?
  
  
-Original Message-From: Wright, Tim (AFM)
[mailto:[EMAIL PROTECTED]Sent: Tuesday, August 03, 2004 12:49
PMTo: [EMAIL PROTECTED]Subject: Re: Domain users
requiring access to WBI MB Config Manager
I
thought the WBIMB toolkit doesn't support SSL connections to the config
manager ( security exits only )

  
  -Original Message-From: Potkay,
  Peter M (ISD, IT) [mailto:[EMAIL PROTECTED] Sent:
  03 August 2004 17:32To:
  [EMAIL PROTECTED]Subject: Re: Domain users requiring
      access to WBI MB Config Manager
  Hard code a value in the MCAUSER of the SVRCONN channel used by the
  Toolkit, and then use SSL to insure only the users you want can use it.
  Then you only have to give that 1 ID access.
   
  If you don't have that channel protected by SSL and its MCAUSER is
  blank, it is a wide open hole for anyone to connect to with mqm
  authority.
   
   
  
-Original Message-From: Kulbir S. Thind
[mailto:[EMAIL PROTECTED]Sent: Tuesday, August 03, 2004
12:30 PMTo: [EMAIL PROTECTED]Subject: Domain
users requiring access to WBI MB Config
ManagerHi,
We have a W2K Configuration Manager (v5,
CSD 3) installed that we need to provide access to.  This is
normally a straight forward step which involves adding domain accounts
to the local groups used by WMQ (mqm) and WBIMB (5 groups).
  However, the users we're
trying to add do not belong to one of our company domains, they belong
to a domain in their own company.  We're trying to provide our off
shore company with enough access to our configuration manager to allow
them to be able to establish a domain connection, however we can't find
a way of adding their domain accounts to our local groups.  Has
anyone done this or know of a way of being able to do this?
Thanks, Kulbir.This communication,
  including attachments, is for the exclusive use of addressee and may
  contain proprietary, confidential or privileged information. If you
  are not the intended recipient, any use, copying, disclosure,
  dissemination or distribution is strictly prohibited. If you are not
  the intended recipient, please notify the sender immediately by return
  email and delete this communication and destroy all
  copies..sophos.3.83.08.03.*Emails
aren't always secure, and they may be intercepted or changed after they've
been sent. Abbey doesn't accept liability if this happens. If you think
someone may have interfered with this email, please get in touch with the
sender another way.This message doesn't create or change any
contract. Abbey doesn't accept responsibility for damage caused by any
viruses contained in this email or its attachments. Emails may be
monitored.If you've received this email by mistake, please let the
sender know at once that it's gone to the wrong person and then destroy it
without copying, using, or telling anyone about its contents. Abbey
National Treasury Services plc Reg. No. 2338548, Cater Allen International
Ltd Reg. No. 2572704, and Inscape Investments Limited Reg. No. 3839455 are
registered in England and have their Registered Offices at: Abbey National
House, 2 Triton Square, Regent's Place, London, NW1 3AN.Cater Allen
International Ltd is a subsidiary of Abbey National Treasury Services plc.
Abbey National Treasury Services plc and Cater Allen International Ltd are
Members of The London Stock Exchange.Abbey National Asset Managers
Ltd. Reg. No. 106669. Registered Office: Abbey National House, 301 St
Vincent Street, Glasgow, G2 5HN. Registered in Scotland.Abbey National
Asset Managers Ltd and Inscape Investments Limited are members of the Abbey
Marketing Group and provide OEICS, PEPS, and ISAs.

Re: Domain users requiring access to WBI MB Config Manager

2004-08-03 Thread Wyatt, T.rob 



Kulbir,
 
I
second Peter's suggestion but wanted to comment directly on your query about
adding their accounts to your groups.  The only way to do this is through a
trust relationship between the domains. (This may be called something else in
Active directory but in NT it was domain trusts.)  This is a LOT bigger
deal than securing a QMgr with SSL and an MCAUSER.
 
As a
second alternative, why not get the offshore team their own accounts?  In
our shop we put up a dedicated Windows server that the users sign onto for
a Windows desktop and access to a configuration manager.  The gateway
server allows you to keep all of the domain authentication, security, server and
MQ administration in-house.  When you control all the pieces, your risk is
reduced.  We factored the cost of the gateway into the cost savings of
using an offshore team.
 
Incidentally, the advice about securing your SVRCONN applies whether your
users are authenticated in your domain or not.  Even if you didn't have the
offshore team to worry about, an unsecured SVRCONN channel gives full MQ admin
authority to anyone who connects to it.  Tie it down if you have not
already.
 
--
T.Rob

  -Original Message-From: MQSeries List
  [mailto:[EMAIL PROTECTED]On Behalf Of Potkay, Peter M (ISD,
  IT)Sent: Tuesday, August 03, 2004 12:32 PMTo:
  [EMAIL PROTECTED]Subject: Re: Domain users requiring access
  to WBI MB Config Manager
  Hard
  code a value in the MCAUSER of the SVRCONN channel used by the Toolkit, and
  then use SSL to insure only the users you want can use it. Then you only have
  to give that 1 ID access.
   
  If
  you don't have that channel protected by SSL and its MCAUSER is blank, it is a
  wide open hole for anyone to connect to with mqm
authority.
   
   
  
-Original Message-From: Kulbir S. Thind
[mailto:[EMAIL PROTECTED]Sent: Tuesday, August 03, 2004
12:30 PMTo: [EMAIL PROTECTED]Subject: Domain
users requiring access to WBI MB Config
ManagerHi,
We have a W2K Configuration Manager (v5, CSD
3) installed that we need to provide access to.  This is normally a
straight forward step which involves adding domain accounts to the local
groups used by WMQ (mqm) and WBIMB (5 groups).   However, the users we're trying to add do not belong to
one of our company domains, they belong to a domain in their own company.
 We're trying to provide our off shore company with enough access to
our configuration manager to allow them to be able to establish a domain
connection, however we can't find a way of adding their domain accounts to
our local groups.  Has anyone done this or know of a way of being able
to do this? Thanks,
Kulbir.This communication, including attachments, is for the exclusive
  use of addressee and may contain proprietary, confidential or privileged
  information. If you are not the intended recipient, any use, copying,
  disclosure, dissemination or distribution is strictly prohibited. If
  you are not the intended recipient, please notify the sender
  immediately by return email and delete this communication and destroy all
  copies.

Re: Domain users requiring access to WBI MB Config Manager

2004-08-03 Thread Potkay, Peter M (ISD, IT) 
Title: Message



The
class I took said it did. Its just a JAVA client connecting to a Queue Manager.
Is it documented somewhere that it does not allow this? 

  -Original Message-From: Wright, Tim (AFM)
  [mailto:[EMAIL PROTECTED]Sent: Tuesday, August 03, 2004 12:49
  PMTo: [EMAIL PROTECTED]Subject: Re: Domain users
  requiring access to WBI MB Config Manager
  I
  thought the WBIMB toolkit doesn't support SSL connections to the config
  manager ( security exits only )
  

-Original Message-From: Potkay, Peter
M (ISD, IT) [mailto:[EMAIL PROTECTED] Sent: 03 August
2004 17:32To: [EMAIL PROTECTED]Subject: Re:
Domain users requiring access to WBI MB Config Manager
Hard code a value in the MCAUSER of the SVRCONN channel used by the
Toolkit, and then use SSL to insure only the users you want can use it. Then
you only have to give that 1 ID access.
 
If
you don't have that channel protected by SSL and its MCAUSER is blank, it is
a wide open hole for anyone to connect to with mqm
authority.
 
 

  -Original Message-From: Kulbir S. Thind
  [mailto:[EMAIL PROTECTED]Sent: Tuesday, August 03, 2004
  12:30 PMTo: [EMAIL PROTECTED]Subject: Domain
  users requiring access to WBI MB Config
  ManagerHi,
  We have a W2K Configuration Manager (v5,
  CSD 3) installed that we need to provide access to.  This is normally
  a straight forward step which involves adding domain accounts to the local
  groups used by WMQ (mqm) and WBIMB (5 groups).   However, the users we're trying to add do not belong to
  one of our company domains, they belong to a domain in their own company.
   We're trying to provide our off shore company with enough access to
  our configuration manager to allow them to be able to establish a domain
  connection, however we can't find a way of adding their domain accounts to
  our local groups.  Has anyone done this or know of a way of being
  able to do this? Thanks,
  Kulbir.This communication, including attachments, is for the
exclusive use of addressee and may contain proprietary, confidential or
privileged information. If you are not the intended recipient, any use,
copying, disclosure, dissemination or distribution is strictly
prohibited. If you are not the intended recipient, please notify the
sender immediately by return email and delete this communication and
destroy all copies..sophos.3.83.08.03.*Emails
  aren't always secure, and they may be intercepted or changed after they've
  been sent. Abbey doesn't accept liability if this happens. If you think
  someone may have interfered with this email, please get in touch with the
  sender another way.This message doesn't create or change any contract.
  Abbey doesn't accept responsibility for damage caused by any viruses contained
  in this email or its attachments. Emails may be monitored.If you've
  received this email by mistake, please let the sender know at once that it's
  gone to the wrong person and then destroy it without copying, using, or
  telling anyone about its contents. Abbey National Treasury Services
  plc Reg. No. 2338548, Cater Allen International Ltd Reg. No. 2572704, and
  Inscape Investments Limited Reg. No. 3839455 are registered in England and
  have their Registered Offices at: Abbey National House, 2 Triton Square,
  Regent's Place, London, NW1 3AN.Cater Allen International Ltd is a
  subsidiary of Abbey National Treasury Services plc. Abbey National Treasury
  Services plc and Cater Allen International Ltd are Members of The London Stock
  Exchange.Abbey National Asset Managers Ltd. Reg. No. 106669.
  Registered Office: Abbey National House, 301 St Vincent Street, Glasgow, G2
  5HN. Registered in Scotland.Abbey National Asset Managers Ltd and Inscape
  Investments Limited are members of the Abbey Marketing Group and provide
  OEICS, PEPS, and ISAs.Abbey National Treasury Services plc, Cater
  Allen International Ltd, Inscape Investments Limited, and Abbey National Asset
  Managers Ltd are authorised and regulated by the Financial Services
  Authority.Abbey Financial Markets is the brand name for Abbey National
  Treasury Services plc.

Re: Domain users requiring access to WBI MB Config Manager

2004-08-03 Thread Wright, Tim (AFM) 
Title: Message



I
thought the WBIMB toolkit doesn't support SSL connections to the config manager
( security exits only )

  
  -Original Message-From: Potkay, Peter M
  (ISD, IT) [mailto:[EMAIL PROTECTED] Sent: 03 August
  2004 17:32To: [EMAIL PROTECTED]Subject: Re: Domain
  users requiring access to WBI MB Config Manager
  Hard
  code a value in the MCAUSER of the SVRCONN channel used by the Toolkit, and
  then use SSL to insure only the users you want can use it. Then you only have
  to give that 1 ID access.
   
  If
  you don't have that channel protected by SSL and its MCAUSER is blank, it is a
  wide open hole for anyone to connect to with mqm
authority.
   
   
  
-Original Message-From: Kulbir S. Thind
[mailto:[EMAIL PROTECTED]Sent: Tuesday, August 03, 2004
12:30 PMTo: [EMAIL PROTECTED]Subject: Domain
users requiring access to WBI MB Config
ManagerHi,
We have a W2K Configuration Manager (v5, CSD
3) installed that we need to provide access to.  This is normally a
straight forward step which involves adding domain accounts to the local
groups used by WMQ (mqm) and WBIMB (5 groups).   However, the users we're trying to add do not belong to
one of our company domains, they belong to a domain in their own company.
 We're trying to provide our off shore company with enough access to
our configuration manager to allow them to be able to establish a domain
connection, however we can't find a way of adding their domain accounts to
our local groups.  Has anyone done this or know of a way of being able
to do this? Thanks,
Kulbir.This communication, including attachments, is for the exclusive
  use of addressee and may contain proprietary, confidential or privileged
  information. If you are not the intended recipient, any use, copying,
  disclosure, dissemination or distribution is strictly prohibited. If
  you are not the intended recipient, please notify the sender
  immediately by return email and delete this communication and destroy all
  copies..sophos.3.83.08.03.

*
Emails aren't always secure, and they may be intercepted or changed after they've been sent. Abbey doesn't accept liability if this happens. If you think someone may have interfered with this email, please get in touch with the sender another way.

This message doesn't create or change any contract. Abbey doesn't accept responsibility for damage caused by any viruses contained in this email or its attachments.  Emails may be monitored.

If you've received this email by mistake, please let the sender know at once that it's gone to the wrong person and then destroy it without copying, using, or telling anyone about its contents. 

Abbey National Treasury Services plc Reg. No. 2338548, Cater Allen International Ltd Reg. No. 2572704, and Inscape Investments Limited Reg. No. 3839455 are registered in England and have their Registered Offices at: Abbey National House, 2 Triton Square, Regent's Place, London, NW1 3AN.

Cater Allen International Ltd is a subsidiary of Abbey National Treasury Services plc. Abbey National Treasury Services plc and Cater Allen International Ltd are Members of The London Stock Exchange.

Abbey National Asset Managers Ltd. Reg. No. 106669. Registered Office: Abbey National House, 301 St Vincent Street, Glasgow, G2 5HN. Registered in Scotland.
Abbey National Asset Managers Ltd and Inscape Investments Limited are members of the Abbey Marketing Group and provide OEICS, PEPS, and ISAs.

Abbey National Treasury Services plc, Cater Allen International Ltd, Inscape Investments Limited, and Abbey National Asset Managers Ltd are authorised and regulated by the Financial Services Authority.

Abbey Financial Markets is the brand name for Abbey National Treasury Services plc.

Re: Domain users requiring access to WBI MB Config Manager

2004-08-03 Thread Potkay, Peter M (ISD, IT) 



Hard
code a value in the MCAUSER of the SVRCONN channel used by the Toolkit, and then
use SSL to insure only the users you want can use it. Then you only have to give
that 1 ID access.
 
If you
don't have that channel protected by SSL and its MCAUSER is blank, it is a wide
open hole for anyone to connect to with mqm authority.
 
 

  -Original Message-From: Kulbir S. Thind
  [mailto:[EMAIL PROTECTED]Sent: Tuesday, August 03, 2004 12:30
  PMTo: [EMAIL PROTECTED]Subject: Domain users
  requiring access to WBI MB Config ManagerHi, We have a W2K
  Configuration Manager (v5, CSD 3) installed that we need to provide access to.
   This is normally a straight forward step which involves adding domain
  accounts to the local groups used by WMQ (mqm) and WBIMB (5 groups).
    However, the users we're trying
  to add do not belong to one of our company domains, they belong to a domain in
  their own company.  We're trying to provide our off shore company with
  enough access to our configuration manager to allow them to be able to
  establish a domain connection, however we can't find a way of adding their
  domain accounts to our local groups.  Has anyone done this or know of a
  way of being able to do this? Thanks, Kulbir.

This communication, including attachments, is for the exclusive use of 
addressee and may contain proprietary, confidential or privileged 
information. If you are not the intended recipient, any use, copying, 
disclosure, dissemination or distribution is strictly prohibited. If 
you are not the intended recipient, please notify the sender 
immediately by return email and delete this communication and destroy all copies.