mq-container/docs/pluggable-connauth.md
2021-01-25 08:52:32 +00:00

Queue Manager Connection Authentication using an htpasswd file

This pluggable authentication mode lets developers using the mq-container developer image define users and their credentials in a .htpasswd file. It is in addition to the existing methods of MQ Connection Authentication (CONNAUTH) using Operating System or LDAP users.

Please note:

  1. This new feature is enabled only when the environment variable is set with --env MQ_CONNAUTH_USE_HTP=true while creating a container.
  2. When enabled, the AuthType value of the ConnectionAuthentication (CONNAUTH) is ignored and htpasswd mode is used. However, the MQ authority records created using SETMQAUT or AUTHREC remain in effect while using the htpasswd mode.
  3. Channel Authentication records (CHLAUTH) remain in effect while using the htpasswd mode.
  4. Passwords should be hashed using bcrypt (golang.org/x/crypto/bcrypt).
  5. This is a developer-only feature and is not recommended for use in production.
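
The following Go program is an added example, not part of the mq-container code: it audits htpasswd content for entries whose hash is not bcrypt (item 4 above). It assumes the standard Apache htpasswd layout of one user:hash entry per line; the names AuditHtpasswd, Finding and minCost, and the sample entries, are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// bcryptRe: $2a$/$2b$/$2y$, two-digit cost, then 53 chars of salt and digest.
var bcryptRe = regexp.MustCompile(`^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$`)

// Finding describes one htpasswd line that fails the audit.
type Finding struct {
	Line         int
	User, Reason string
}

// AuditHtpasswd reports entries that are malformed, not bcrypt, or whose
// bcrypt cost is below minCost (a threshold chosen by the caller).
func AuditHtpasswd(content string, minCost int) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(content))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		parts := strings.SplitN(line, ":", 2)
		if len(parts) != 2 || parts[0] == "" {
			out = append(out, Finding{n, parts[0], "malformed line, expected user:hash"})
			continue
		}
		m := bcryptRe.FindStringSubmatch(parts[1])
		if m == nil {
			out = append(out, Finding{n, parts[0], "hash is not bcrypt"})
		} else if cost, _ := strconv.Atoi(m[1]); cost < minCost {
			out = append(out, Finding{n, parts[0], fmt.Sprintf("bcrypt cost %d below %d", cost, minCost)})
		}
	}
	return out
}

func main() {
	// Constructed sample: placeholder strings, not real hashes or credentials.
	sample := "admin:$2y$10$" + strings.Repeat("A", 53) + "\napp:$apr1$constructed$placeholder\n" +
		"dev:$2y$04$" + strings.Repeat("B", 53) + "\n"
	fmt.Printf("%+v\n", AuditHtpasswd(sample, 10))
}
```
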

Preparing htpasswd file

  1. A default mq.htpasswd file is provided in the /etc/mqm/ directory inside the container.
  2. You can set the password for user admin by setting the environment variable MQ_ADMIN_PASSWORD.
  3. You can add user app to the mq.htpasswd file by setting the environment variable MQ_APP_PASSWORD. This user app can be used to access DEV.* objects of the queue manager.

Next Steps:

Use an administrative tool or your application to connect to the queue manager using the credentials defined in the mq.htpasswd file.

Please note: When an authentication request is made with a userid that is not defined in the mq.htpasswd file, the authentication process is delegated to the queue manager to handle. The queue manager then uses IDPWOS or LDAP modes for further processing.

Troubleshooting

A log file named mqhtpass.log is generated in the /var/mqm/errors directory of the container. This file contains all the failed connection authentication requests. Additional information is logged to this file if the environment variable DEBUG is set to true.

Please note: This log file will be wiped when the queue manager is next started.