MQ Authenticate User Security Exit (MQAUSX) is a solution that allows a company to fully authenticate a user who is accessing a WebSphere MQ resource. It verifies the user's user ID and password (and possibly domain name) against the server's native OS system (or domain controller) or a remote LDAP server. The security exit will operate with WebSphere MQ v6.0, v7.0, v7.1, or v7.5 in Windows, iSeries (OS/400), Unix, and Linux environments. It works with Server Connection, Client Connection, Sender, Receiver, Server, Requestor, Cluster-Sender, and Cluster-Receiver channels of WebSphere MQ queue manager. The MQ Authenticate User Security Exit solution is comprised of 2 components: client-side security exit and server-side security exit.
|Tags||WebSphere MQ MQSeries WMQ Security Communications|
|Operating Systems||AIX HP-UX Linux iSeries OS/400 Solaris Windows|
|Implementation||WebSphere MQ C Java C#|
Release Notes: This release adds a UseMCCRedo flag to control MCCRedoCount, MCCRedoMinutes, and MCCGetTimeOut, adds a UserIDFormatting flag to force Lowercase/Uppercase/As_Is formatting of the UserID, and renames the AllowMQCSPAuth flag to AllowPlainTextCredentials.
Release Notes: MQAUSX server-side security now defaults to AES 256-bit encryption for user credentials. Support for authentication against Quest Authentication Services (QAS) aka Vintela Authentication Services on Unix/Linux was added. Support for authentication against Centrify’s DirectControl (CDC) on Unix/Linux was added. A UseLDAPGroupSearchBindDN keyword was added. A new UseLDAPAuthCompare keyword causes LDAP bind to be used for authentication rather than LDAP compare.
Release Notes: This release adds Netscape/Mozilla style LDAP SSL support for AIX, HP-UX, and Solaris. It adds a UseSSLCertUserID IniFile keyword to enable the use of the UserID from the channel's SSLCertUserID field. It adds an AllowSSLSSCert IniFile keyword to enable the check for self-signed certificates. It adds UseSSLUserIDFromDN, SSLDNAttrName, SSLDNAttrStartPos, and SSLDNAttrLength IniFile keywords to extract the UserID from the channel's SSL DN field. It adds UseLDAPBindDN, LDAPBindDN, and LDAPBindPwd IniFile keywords to enable the use of a Bind UserID and Password for an LDAP connection.