Question
how can i properly setup Kerberos in Websphere MQ? In the documentation, it says can use
https://stackoverflow.com/questions/21249314
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianSCYEXIT('amqrspin(SCY_KERBEROS)')
I suppose this attribute is defined when when create the channels? eg
define CHANNEL (...) .... SCYEXIT('amqrspin(SCY_KERBEROS)')
how about SCYDATA('remote_principal_name') ? Does this need to defined after scyexit ? What other setups do I need to consider besides these 2 channel attributes?
is there other good tutorial on this subject? thanks.
Solution
The amqrspin security exit shipped with MQ supports KERBEROS and NTLM. A channel can be defined to use the security exit as
define channel(ABC) chltype(SVRCONN) SCYEXIT('amqrspin(SCY_KERBEROS)') SCYDATA('domusr')
where 'domusr' is in the form DOMAIN\user. The secure channel is established only if the name of the remote principal matches 'domusr'. Here is some more information on amqrspin security exit.
