How to allow anonymous connections to IBM MQ 8?

S

Serg4452019-11-06 11:45:34

ubuntu

Serg445, 2019-11-06 11:45:34

Good afternoon!
Tell me how to allow all connections to the queue manager in IBM MQ 8?
When I try to connect to IBM MQ from MQ Explorer, I get an error

AMQ: 4036 - Access not allowed. You do not have access rights to perform this operation. (AMQ4036)
Access not allowed. You do not have access rights to perform this operation. (AMQ4036)
Severity: 10 (Warning)
Explanation: The queue manager's security mechanism reported that the given request user id does not have access rights to the object.

On how many I understood - a problem in users - authorizations.
I tried to do like this:

setmqaut -m DQUE -t qmgr -g mqm +all

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

Serg445, 2020-07-31
@Serg445

To solve this problem, I sketched a script
at startup, we set:

u) USER=${OPTARG};;
m) MGR=${OPTARG};;
p) PORT=${OPTARG};;

```
#!/bin/bash
while getopts u:m:p:h: option
do
case "${option}"
in
u) USER=${OPTARG};;
m) MGR=${OPTARG};;
p) PORT=${OPTARG};;
h) echo "-h this Help; -u USER; -m Name New manager; -p PORT";;
esac
done
crtmqm $MGR
strmqm $MGR
echo "DEFINE LISTENER($MGR.LISTENER) TRPTYPE(TCP) CONTROL(QMGR) PORT($PORT)" > /tmp/mq_command.sc
echo "START LISTENER($MGR.LISTENER)" >> /tmp/mq_command.sc
echo "DEFINE CHANNEL(CLIENT.SVRCONN) CHLTYPE(SVRCONN) TRPTYPE(TCP) MCAUSER('$USER')" >> /tmp/mq_command.sc
#echo "set chlauth(*) TYPE (BLOCKUSER) USERLIST(*MQADMIN) action(remove)" >>
#echo "alter qmgr connauth(NO)" >> /tmp/mq_command.sc
echo "alter qmgr chlauth(DISABLED)" >> /tmp/mq_command.sc
echo "DEFINE AUTHINFO(USE.PW2) AUTHTYPE(IDPWOS) FAILDLAY( 10) CHCKLOCL(NONE) CHCKCLNT(NONE)" >> /tmp/mq_command.sc
echo "ALTER QMGR CONNAUTH(USE.PW2)" >> /tmp/mq_command.sc
echo "REFRESH SECURITY TYPE(CONNAUTH)" >> / tmp/mq_command.sc
runmqsc $MGR < /tmp/mq_command.sc
setmqaut -m $MGR -t qmgr -g "$USER" +connect +inq +alladm
setmqaut -m $MGR -n "**" -tq -g "$USER" +alladm +crt +browse
setmqaut -m $MGR -n "**" -t topic -g "$USER" +alladm +crt
setmqaut -m $MGR -n "**" -t channel -g "$USER" +alladm +crt
setmqaut -m $MGR -n "**" -t process -g "$USER" +alladm +crt
setmqaut -m $MGR -n "**" -t namelist -g "$USER" +alladm +crt
setmqaut -m $MGR -n "**" -t authinfo -g "$USER" +alladm +crt
setmqaut - m $MGR -n "**" -t clntconn -g "$USER" +alladm +crt
setmqaut -m $MGR -n "**" -t listener -g "$USER" +alladm +crt
setmqaut -m $ MGR -n "**" -t service -g "$USER" +alladm +crt
setmqaut -m $MGR -n "**" -t comminfo -g "$USER" +alladm +crt
setmqaut -m $MGR - n SYSTEM.MQEXPLORER.REPLY.MODEL -tq -g "$USER" +dsp +inq +get
setmqaut -m $MGR -n SYSTEM.ADMIN.COMMAND.QUEUE -tq -g "$USER" +dsp +inq +put
endmqm -i $MGR
strmqm $MGR
echo "Done"
```

A

Alexey, 2021-07-13
@Deia

You need to create a connection for MQ Explorer

runmqsc QM1

define channel(SYSTEM.ADMIN.SVRCONN) chltype(SVRCONN) MCAUSER('mqm')
alter qmgr chlauth(DISABLED)
refresh security

Give permissions to rfhutil

runmqsc QM1

ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) CHCKCLNT(OPTIONAL) 
REFRESH SECURITY TYPE(CONNAUTH)