Websphere MQ v8 - MQRC_NOT_AUTHORIZED - 2035

WebSphere MQ V7.1 introduced CHLAUTH rules which by default banned remote access by privileged users. To turn off CHLAUTH you are correct that you can issue

ALTER QMGR CHLAUTH(DISABLED)

However, you could also very simply allow yourself access on a particular channel as described in CHLAUTH - Allow some privileged admins.

IBM MQ V8 introduced Connection Authentication which default demands a password to authenticate a remote privileged user. To make this OPTIONAL (as it is for non-privileged users) you can issue

ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS)
      CHCKCLNT(OPTIONAL)

rather than turning it off completely with

ALTER QMGR CONNAUTH(' ')

After either of these commands you'll need to issue the following command for the queue manager to be aware of your changes.

REFRESH SECURITY TYPE(CONNAUTH)

You mention that this is for development purposes which is fair enough, but remember to turn these features on so that you can make your queue manager secure when using it in production!

Also, remember that the queue manager error log will provide you with details about why your application got the 2035, for example, "Channel is Blocked" for CHLAUTH and "Missing password" for CONNAUTH.


Ok so i found it! ALTER CHLAUTH(DISABLED) is not enough, you have to remove Connection Authentification as well (QM properties -> Extended)

Tags:

Java

Authentication

Authorization

Ibm Mq

Related

How to split read-only and read-write transactions with JPA and Hibernate Pass AWS credentials (IAM role credentials) to code running in docker container Javascript regex Currency symbol in a string Gradle: Exclude file from Android assets folder Missing data, insert rows in Pandas and fill with NAN tmux: how to toggle "on" and "off" options with the same key Getting a CMake Error: Cannot specify link libraries for target which is not built by the project Eclipse- Dynamic Web Module 3.0 requires Java 1.6 or newer error while creating new project How to send email with SMTP in php How to Fix Read timed out in Elasticsearch MailMessage.To.Add() throwing exception : "An invalid character was found in the mail header: ','." Why is Parallel.ForEach much faster then AsParallel().ForAll() even though MSDN suggests otherwise?

Recent Posts