Re: Domain users requiring access to WBI MB Config Manager
Title: Message Not specifically documented but when you configure the connection to the configuration manager in the toolkit, there is only a security exit option in the configuration pane. I couldn't find anything in the info center to explain how you would get the toolkit to use SSL to connect to the configuration manager. I'll search through the documents again and see if I'm being an idiot ( more than likely ) tim -Original Message-From: Potkay, Peter M (ISD, IT) [mailto:[EMAIL PROTECTED] Sent: 03 August 2004 18:01To: [EMAIL PROTECTED]Subject: Re: Domain users requiring access to WBI MB Config Manager The class I took said it did. Its just a JAVA client connecting to a Queue Manager. Is it documented somewhere that it does not allow this? -Original Message-From: Wright, Tim (AFM) [mailto:[EMAIL PROTECTED]Sent: Tuesday, August 03, 2004 12:49 PMTo: [EMAIL PROTECTED]Subject: Re: Domain users requiring access to WBI MB Config Manager I thought the WBIMB toolkit doesn't support SSL connections to the config manager ( security exits only ) -Original Message-From: Potkay, Peter M (ISD, IT) [mailto:[EMAIL PROTECTED] Sent: 03 August 2004 17:32To: [EMAIL PROTECTED]Subject: Re: Domain users requiring access to WBI MB Config Manager Hard code a value in the MCAUSER of the SVRCONN channel used by the Toolkit, and then use SSL to insure only the users you want can use it. Then you only have to give that 1 ID access. If you don't have that channel protected by SSL and its MCAUSER is blank, it is a wide open hole for anyone to connect to with mqm authority. -Original Message-From: Kulbir S. Thind [mailto:[EMAIL PROTECTED]Sent: Tuesday, August 03, 2004 12:30 PMTo: [EMAIL PROTECTED]Subject: Domain users requiring access to WBI MB Config ManagerHi, We have a W2K Configuration Manager (v5, CSD 3) installed that we need to provide access to. This is normally a straight forward step which involves adding domain accounts to the local groups used by WMQ (mqm) and WBIMB (5 groups). However, the users we're trying to add do not belong to one of our company domains, they belong to a domain in their own company. We're trying to provide our off shore company with enough access to our configuration manager to allow them to be able to establish a domain connection, however we can't find a way of adding their domain accounts to our local groups. Has anyone done this or know of a way of being able to do this? Thanks, Kulbir.This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return email and delete this communication and destroy all copies..sophos.3.83.08.03.*Emails aren't always secure, and they may be intercepted or changed after they've been sent. Abbey doesn't accept liability if this happens. If you think someone may have interfered with this email, please get in touch with the sender another way.This message doesn't create or change any contract. Abbey doesn't accept responsibility for damage caused by any viruses contained in this email or its attachments. Emails may be monitored.If you've received this email by mistake, please let the sender know at once that it's gone to the wrong person and then destroy it without copying, using, or telling anyone about its contents. Abbey National Treasury Services plc Reg. No. 2338548, Cater Allen International Ltd Reg. No. 2572704, and Inscape Investments Limited Reg. No. 3839455 are registered in England and have their Registered Offices at: Abbey National House, 2 Triton Square, Regent's Place, London, NW1 3AN.Cater Allen International Ltd is a subsidiary of Abbey National Treasury Services plc. Abbey National Treasury Services plc and Cater Allen International Ltd are Members of The London Stock Exchange.Abbey National Asset Managers Ltd. Reg. No. 106669. Registered Office: Abbey National House, 301 St Vincent Street, Glasgow, G2 5HN. Registered in Scotland.Abbey National Asset Managers Ltd and Inscape Investments Limited are members of the Abbey Marketing Group and provide OEICS, PEPS, and ISAs.
Re: Domain users requiring access to WBI MB Config Manager
Kulbir, I second Peter's suggestion but wanted to comment directly on your query about adding their accounts to your groups. The only way to do this is through a trust relationship between the domains. (This may be called something else in Active directory but in NT it was domain trusts.) This is a LOT bigger deal than securing a QMgr with SSL and an MCAUSER. As a second alternative, why not get the offshore team their own accounts? In our shop we put up a dedicated Windows server that the users sign onto for a Windows desktop and access to a configuration manager. The gateway server allows you to keep all of the domain authentication, security, server and MQ administration in-house. When you control all the pieces, your risk is reduced. We factored the cost of the gateway into the cost savings of using an offshore team. Incidentally, the advice about securing your SVRCONN applies whether your users are authenticated in your domain or not. Even if you didn't have the offshore team to worry about, an unsecured SVRCONN channel gives full MQ admin authority to anyone who connects to it. Tie it down if you have not already. -- T.Rob -Original Message-From: MQSeries List [mailto:[EMAIL PROTECTED]On Behalf Of Potkay, Peter M (ISD, IT)Sent: Tuesday, August 03, 2004 12:32 PMTo: [EMAIL PROTECTED]Subject: Re: Domain users requiring access to WBI MB Config Manager Hard code a value in the MCAUSER of the SVRCONN channel used by the Toolkit, and then use SSL to insure only the users you want can use it. Then you only have to give that 1 ID access. If you don't have that channel protected by SSL and its MCAUSER is blank, it is a wide open hole for anyone to connect to with mqm authority. -Original Message-From: Kulbir S. Thind [mailto:[EMAIL PROTECTED]Sent: Tuesday, August 03, 2004 12:30 PMTo: [EMAIL PROTECTED]Subject: Domain users requiring access to WBI MB Config ManagerHi, We have a W2K Configuration Manager (v5, CSD 3) installed that we need to provide access to. This is normally a straight forward step which involves adding domain accounts to the local groups used by WMQ (mqm) and WBIMB (5 groups). However, the users we're trying to add do not belong to one of our company domains, they belong to a domain in their own company. We're trying to provide our off shore company with enough access to our configuration manager to allow them to be able to establish a domain connection, however we can't find a way of adding their domain accounts to our local groups. Has anyone done this or know of a way of being able to do this? Thanks, Kulbir.This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return email and delete this communication and destroy all copies.
Re: Domain users requiring access to WBI MB Config Manager
Title: Message The class I took said it did. Its just a JAVA client connecting to a Queue Manager. Is it documented somewhere that it does not allow this? -Original Message-From: Wright, Tim (AFM) [mailto:[EMAIL PROTECTED]Sent: Tuesday, August 03, 2004 12:49 PMTo: [EMAIL PROTECTED]Subject: Re: Domain users requiring access to WBI MB Config Manager I thought the WBIMB toolkit doesn't support SSL connections to the config manager ( security exits only ) -Original Message-From: Potkay, Peter M (ISD, IT) [mailto:[EMAIL PROTECTED] Sent: 03 August 2004 17:32To: [EMAIL PROTECTED]Subject: Re: Domain users requiring access to WBI MB Config Manager Hard code a value in the MCAUSER of the SVRCONN channel used by the Toolkit, and then use SSL to insure only the users you want can use it. Then you only have to give that 1 ID access. If you don't have that channel protected by SSL and its MCAUSER is blank, it is a wide open hole for anyone to connect to with mqm authority. -Original Message-From: Kulbir S. Thind [mailto:[EMAIL PROTECTED]Sent: Tuesday, August 03, 2004 12:30 PMTo: [EMAIL PROTECTED]Subject: Domain users requiring access to WBI MB Config ManagerHi, We have a W2K Configuration Manager (v5, CSD 3) installed that we need to provide access to. This is normally a straight forward step which involves adding domain accounts to the local groups used by WMQ (mqm) and WBIMB (5 groups). However, the users we're trying to add do not belong to one of our company domains, they belong to a domain in their own company. We're trying to provide our off shore company with enough access to our configuration manager to allow them to be able to establish a domain connection, however we can't find a way of adding their domain accounts to our local groups. Has anyone done this or know of a way of being able to do this? Thanks, Kulbir.This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return email and delete this communication and destroy all copies..sophos.3.83.08.03.*Emails aren't always secure, and they may be intercepted or changed after they've been sent. Abbey doesn't accept liability if this happens. If you think someone may have interfered with this email, please get in touch with the sender another way.This message doesn't create or change any contract. Abbey doesn't accept responsibility for damage caused by any viruses contained in this email or its attachments. Emails may be monitored.If you've received this email by mistake, please let the sender know at once that it's gone to the wrong person and then destroy it without copying, using, or telling anyone about its contents. Abbey National Treasury Services plc Reg. No. 2338548, Cater Allen International Ltd Reg. No. 2572704, and Inscape Investments Limited Reg. No. 3839455 are registered in England and have their Registered Offices at: Abbey National House, 2 Triton Square, Regent's Place, London, NW1 3AN.Cater Allen International Ltd is a subsidiary of Abbey National Treasury Services plc. Abbey National Treasury Services plc and Cater Allen International Ltd are Members of The London Stock Exchange.Abbey National Asset Managers Ltd. Reg. No. 106669. Registered Office: Abbey National House, 301 St Vincent Street, Glasgow, G2 5HN. Registered in Scotland.Abbey National Asset Managers Ltd and Inscape Investments Limited are members of the Abbey Marketing Group and provide OEICS, PEPS, and ISAs.Abbey National Treasury Services plc, Cater Allen International Ltd, Inscape Investments Limited, and Abbey National Asset Managers Ltd are authorised and regulated by the Financial Services Authority.Abbey Financial Markets is the brand name for Abbey National Treasury Services plc.
Re: Domain users requiring access to WBI MB Config Manager
Title: Message I thought the WBIMB toolkit doesn't support SSL connections to the config manager ( security exits only ) -Original Message-From: Potkay, Peter M (ISD, IT) [mailto:[EMAIL PROTECTED] Sent: 03 August 2004 17:32To: [EMAIL PROTECTED]Subject: Re: Domain users requiring access to WBI MB Config Manager Hard code a value in the MCAUSER of the SVRCONN channel used by the Toolkit, and then use SSL to insure only the users you want can use it. Then you only have to give that 1 ID access. If you don't have that channel protected by SSL and its MCAUSER is blank, it is a wide open hole for anyone to connect to with mqm authority. -Original Message-From: Kulbir S. Thind [mailto:[EMAIL PROTECTED]Sent: Tuesday, August 03, 2004 12:30 PMTo: [EMAIL PROTECTED]Subject: Domain users requiring access to WBI MB Config ManagerHi, We have a W2K Configuration Manager (v5, CSD 3) installed that we need to provide access to. This is normally a straight forward step which involves adding domain accounts to the local groups used by WMQ (mqm) and WBIMB (5 groups). However, the users we're trying to add do not belong to one of our company domains, they belong to a domain in their own company. We're trying to provide our off shore company with enough access to our configuration manager to allow them to be able to establish a domain connection, however we can't find a way of adding their domain accounts to our local groups. Has anyone done this or know of a way of being able to do this? Thanks, Kulbir.This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return email and delete this communication and destroy all copies..sophos.3.83.08.03. * Emails aren't always secure, and they may be intercepted or changed after they've been sent. Abbey doesn't accept liability if this happens. If you think someone may have interfered with this email, please get in touch with the sender another way. This message doesn't create or change any contract. Abbey doesn't accept responsibility for damage caused by any viruses contained in this email or its attachments. Emails may be monitored. If you've received this email by mistake, please let the sender know at once that it's gone to the wrong person and then destroy it without copying, using, or telling anyone about its contents. Abbey National Treasury Services plc Reg. No. 2338548, Cater Allen International Ltd Reg. No. 2572704, and Inscape Investments Limited Reg. No. 3839455 are registered in England and have their Registered Offices at: Abbey National House, 2 Triton Square, Regent's Place, London, NW1 3AN. Cater Allen International Ltd is a subsidiary of Abbey National Treasury Services plc. Abbey National Treasury Services plc and Cater Allen International Ltd are Members of The London Stock Exchange. Abbey National Asset Managers Ltd. Reg. No. 106669. Registered Office: Abbey National House, 301 St Vincent Street, Glasgow, G2 5HN. Registered in Scotland. Abbey National Asset Managers Ltd and Inscape Investments Limited are members of the Abbey Marketing Group and provide OEICS, PEPS, and ISAs. Abbey National Treasury Services plc, Cater Allen International Ltd, Inscape Investments Limited, and Abbey National Asset Managers Ltd are authorised and regulated by the Financial Services Authority. Abbey Financial Markets is the brand name for Abbey National Treasury Services plc.
Re: Domain users requiring access to WBI MB Config Manager
Hard code a value in the MCAUSER of the SVRCONN channel used by the Toolkit, and then use SSL to insure only the users you want can use it. Then you only have to give that 1 ID access. If you don't have that channel protected by SSL and its MCAUSER is blank, it is a wide open hole for anyone to connect to with mqm authority. -Original Message-From: Kulbir S. Thind [mailto:[EMAIL PROTECTED]Sent: Tuesday, August 03, 2004 12:30 PMTo: [EMAIL PROTECTED]Subject: Domain users requiring access to WBI MB Config ManagerHi, We have a W2K Configuration Manager (v5, CSD 3) installed that we need to provide access to. This is normally a straight forward step which involves adding domain accounts to the local groups used by WMQ (mqm) and WBIMB (5 groups). However, the users we're trying to add do not belong to one of our company domains, they belong to a domain in their own company. We're trying to provide our off shore company with enough access to our configuration manager to allow them to be able to establish a domain connection, however we can't find a way of adding their domain accounts to our local groups. Has anyone done this or know of a way of being able to do this? Thanks, Kulbir. This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return email and delete this communication and destroy all copies.