| Author |
Message
|
| sebastia |
 Posted: Fri Aug 04, 2006 8:44 am Post subject: exclusive use of a SVRCONN channel |
 |
|
Grand Master
Joined: 07 Oct 2004
Posts: 1003
|
Hi !
If we are using a MQ (server) from few external MQ Client(s),
is there a way to force that this SVRCONN connection to be exclusive,
so two clients can NOT connect to the same queues simultaneously ?
Thanks a lot. |
|
| Back to top |
|
 |
| bbburson |
| Posted: Fri Aug 04, 2006 11:27 am Post subject: |
|
|
Partisan
Joined: 06 Jan 2004
Posts: 378
Location: Nowhere near a queue manager
|
In our setup we use a single SVRCONN channel for all clients to access a given queue manager. The channel is SSL enabled, and the effective userid is derived from the CN= attribute on the client's certificate (using a channel security exit). Individual queue authorizations are set such that client A cannot open client B's queues.
This may not directly answer your question but maybe it will spark an idea you can use. |
|
| Back to top |
|
|
| sebastia |
| Posted: Fri Aug 04, 2006 11:34 am Post subject: |
|
|
Grand Master
Joined: 07 Oct 2004
Posts: 1003
|
Thanks, Bruce
But we are still NOT using SSL ...
all machines are within own network,
so there is not much reason fot it (yet).
Thanks anyway.
S. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Fri Aug 04, 2006 3:16 pm Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
Without SSL, there's nothing you can do to prevent machine A from connecting to Channel B, or Machine B from connecting to Channel A.
Well.
You could use a security exit.
Or WebSphere MQ Extended Security Edition.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| sebastia |
| Posted: Fri Aug 04, 2006 3:18 pm Post subject: |
|
|
Grand Master
Joined: 07 Oct 2004
Posts: 1003
|
No, I want to prevent a SECOND client to connect to the server
while the first did not end yet !!! |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Fri Aug 04, 2006 3:22 pm Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
You will need an exit of some kind - even with SSL you can't prevent a single app or machine from making more than one connection to the same channel.
Essentially every channel is actually only a channel definition. Each individual connection establishes a new instance of a particular channel, and there's no way you can limit this by who's at the other end.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| sebastia |
| Posted: Fri Aug 04, 2006 3:23 pm Post subject: |
|
|
Grand Master
Joined: 07 Oct 2004
Posts: 1003
|
And the limit HAS TO BE in the channel,
as the OPEN_EXCLUSIVE works only on a queue,
but second client can go to a second queue,
and we dont want that ! |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Fri Aug 04, 2006 3:25 pm Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
Then you need an exit.
You might be able to get away with an API exit that only looks at MQCONNs.
But you probably need a channel exit.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Fri Aug 04, 2006 5:44 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7723
|
The Capitalware MQAUSX solution will work for you.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| sebastia |
| Posted: Sun Aug 06, 2006 9:24 am Post subject: |
|
|
Grand Master
Joined: 07 Oct 2004
Posts: 1003
|
Peter : can you explain
"Capitalware MQAUSX"
a little bit more ?
May be a URL ???
( )
I shall use Google once more .... |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sun Aug 06, 2006 10:23 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20768
Location: LI,NY
|
Look at the Capitalware forum on this site. 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Mon Aug 07, 2006 9:00 pm Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3265
Location: London, ON Canada
|
| sebastia wrote: |
Peter : can you explain
"Capitalware MQAUSX"
a little bit more ?
May be a URL ??? |
Hi,
MQ Authenticate User Security Exit (MQAUSX) is a solution that allows a company to fully authenticate a user who is accessing a WebSphere MQ resource. It verifies the User's UserID and Password against the server's native OS system or a remote LDAP server.
One of its many features is the ability to limit / control the number of channel connections.
For more information about MQAUSX go to:
http://www.capitalware.biz/mqausx_overview.html
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
|
|
