10

I am testing WebSphere on local for development purposes and now i wanted to move to new PC. But i dont remember exactly how i get rid of that error in title. I know there are tons of posts about this error since introduction MQ 7.1 how to disabled security. I remember last time i did runmqsc.exe QM_name -> ALTER CHLAUTH(DISABLED). But its not working anymore?! What else i need to change so anyone can connect to queue?

> DIS QMGR CHLAUTH
>      2 : DIS QMGR CHLAUTH AMQ8408: Display Queue Manager details. 
>  QMNAME(QueueManager1)                   CHLAUTH(DISABLED)

Thanks.

Morag Hughson
  • 7,255
  • 15
  • 44
JIV
  • 813
  • 2
  • 12
  • 30

3 Answers3

25

WebSphere MQ V7.1 introduced CHLAUTH rules which by default banned remote access by privileged users. To turn off CHLAUTH you are correct that you can issue

ALTER QMGR CHLAUTH(DISABLED)

However, you could also very simply allow yourself access on a particular channel as described in CHLAUTH - Allow some privileged admins.

IBM MQ V8 introduced Connection Authentication which default demands a password to authenticate a remote privileged user. To make this OPTIONAL (as it is for non-privileged users) you can issue

ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS)
      CHCKCLNT(OPTIONAL)

rather than turning it off completely with

ALTER QMGR CONNAUTH(' ')

After either of these commands you'll need to issue the following command for the queue manager to be aware of your changes.

REFRESH SECURITY TYPE(CONNAUTH)

You mention that this is for development purposes which is fair enough, but remember to turn these features on so that you can make your queue manager secure when using it in production!

Also, remember that the queue manager error log will provide you with details about why your application got the 2035, for example, "Channel is Blocked" for CHLAUTH and "Missing password" for CONNAUTH.

JoshMc
  • 10,239
  • 2
  • 19
  • 38
Morag Hughson
  • 7,255
  • 15
  • 44
  • thanks for explanation, i just need it for testing so security is not needed at all. – JIV Sep 18 '14 at 17:13
3

Ok so i found it! ALTER CHLAUTH(DISABLED) is not enough, you have to remove Connection Authentification as well (QM properties -> Extended)

JIV
  • 813
  • 2
  • 12
  • 30
0

you just need to execute the below

ALTER QMGR CHLAUTH(DISABLED)
REFRESH SECURITY TYPE(CONNAUTH)
JoshMc
  • 10,239
  • 2
  • 19
  • 38
Rawad
  • 1
  • When you run the following command `ALTER QMGR CHLAUTH(DISABLED)` CHLAUTH is disabled immediately. `REFRESH SECURITY TYPE(CONNAME)` is not related to CHLAUTH, this command is required when you make changes to the queue managers CONNAUTH configuration. – JoshMc Sep 18 '20 at 22:47