How to disable authorizations in IBM MQ 7.0

StackOverflow https://stackoverflow.com/questions/19209206

  •  30-06-2022
  •  | 
  •  

Question

How can we disable authorizations on MQ version 7.0.1.3 on windows platform?

I know in version 7.0 you can disable channel authorizations. But I cannot find a way to disable authorizations in 7.0.1.3.

Was it helpful?

Solution

The authorizations on 7.0.1.3 can be disabled by putting environment variable MQSNOAUT=yes on both windows and UNIX. The variable has to be set before creation of queue manager and during the life cycle of queue manager, authorizations cannot be re-enabled.

Below link explains in detail the use of MQSNOAUT:

http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/index.jsp?topic=%2Fcom.ibm.mq.amqzag.doc%2Ffa13260_.htm

OTHER TIPS

MQSC command ALTER QMGR CHLAUTH(DISABLED) will disable channel authorizations in MQ v7.5 too.

BTW: Are you sure MQ version is 8.1? The last released version of MQ is v7.5.

EDIT:

Channel authorization feature was introduced in MQ v7.1. So that feature not available in MQ v701x and hence can't disable.

As per your comment, you are getting 2035 error, which makes you think that channel authentication is turned on for you.

As explained by Shashi, CHLAUTH came only, MQ7.1 onwards and its actual purpose is to block all admin access through SVRCONN channels by default(All System.* channels are blocked).

Check here for more details.

But, user authentication was always there.

Check the user id with which you are trying to connect.

That user id must have access to the MQ object. In other words, user id must be added in the user-group which has access to the MQ objects. For eg, user ids added to "mqm" group, will have admin permissions to the MQ objects.

Steps to add a user id in a user group will vary from OS to OS. Mention your OS in the question.

Also, you can try to give authorizations to your user using setmqaut command. Here is the usage of the command.

The user ID 'xxxxx' and its password were checked because the queue manager connection authority (CONNAUTH) configuration refers to an authentication information (AUTHINFO) object named 'SYSTEM.DEFAULT.AUTHINFO.IDPWOS' with CHCKLOCL(OPTIONAL). &P This message accompanies a previous error to clarify the reason for the user ID and password check.

So changed SYSTEM.DEFAULT.AUTHINFO.IDPWOS and SYSTEM.DEFAULT.AUTHINFO.IDPWLDAP in Authentication Information to have Username+password - "none" for check locally bound connections and "none" for check client connections.

Note : Changes are reflected only after restart of queue manager.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top