Configuring the WebSphere MQ extensions for queue managers which require authentication
In IBM WebSphere MQ Version 8 and later, individual queue managers can be configured to allow or require connecting applications to supply an explicit userid and password for Connection Authentication.
To monitor a queue manager via a direct connection:
- Set its CONNAUTH property to the name of an AUTHINFO object.
- Set its CHCKLOCAL property to REQUIRED or REQDADM.
- Configure the extensions as described in the following sections in order for them to be able to connect to the queue manager.
If the CONNAUTH property is set, and the CHCKLOCAL property is set to OPTIONAL, then you can configure the extensions as described in the following sections. If the queue manager CHCKLOCAL property is set to NONE, then do not configure the extensions to attempt authentication.
If a queue manager to be monitored via an agentless connection has its CONNAUTH property set to the name of an AUTHINFO object, and has its CHCKCLNT property set to REQUIRED or REQDADM, then you must configure the extensions as described in the following sections in order for them to be able to connect to the queue manager. If the CONNAUTH property is set, and the CHCKCLNT property is set to OPTIONAL, then you can configure the extensions as described. If the queue manager CHCKCLNT property is set to NONE, then do not configure the extensions to attempt authentication.
Configuring the WebSphere MQ extensions for authenticated queue manager connections
Note
To set the connection mode, user name and password for a queue manager named MYQMGR with a clear text password, the agentpref command should be something like:
$ agentpref --set "WebSphere MQ Monitor" --pref_path ComMQSoftwareWebSphereMQQueueManager MYQMGR QmgrAuthType userpw QmgrAuthUserName MyUserName QmgrAuthPassword MyPassword
To use an obfuscated password, first use either the OBFPassword or mqsusertool utilities on the TrueSight Middleware and Transaction Monitor server machine, then use the output from that utility as the password on agentpref command line.
Example: Using OBFPassword
$ OBFPassword.bat MyPassword
OBF:1obr1ymj1p4j1rc41vn61vnw1ra21p571ylv1od3
$ agentpref --set "WebSphere MQ Monitor" --pref_path ComMQSoftwareWebSphereMQQueueManager MYQMGR QmgrAuthType userpw QmgrAuthUserName MyUserName QmgrAuthPassword "OBF:1obr1ymj1p4j1rc41vn61vnw1ra21p571ylv1od3"
Example: Using mqsusertool
$ mqsusertool --encode MyPassword
Encoding 'MyPassword' using algorithm Cryptor:
D;2D61tjBw8PCQng==
$ agentpref --set "WebSphere MQ Monitor" --pref_path ComMQSoftwareWebSphereMQQueueManager MYQMGR QmgrAuthType userpw QmgrAuthUserName MyUserName QmgrAuthPassword "D;2D61tjBw8PCQng=="
Comments
Log in or register to comment.