Queue Manager Connection Authentication using a htpasswd file
This pluggable authentication mode allows developers using the mq-container developer image to define users and their credentials in a .htpasswd file. This is in addition to the existing methods of MQ Connection Authentication (CONNAUTH) using Operating System or LDAP users.
Please note:
- This new feature is enabled only when the environment variable --env MQ_CONNAUTH_USE_HTP=true is set while creating a container.
- When enabled, the AuthType value of the ConnectionAuthentication (CONNAUTH) is ignored and htpasswd mode is used. However, the MQ authority records created using (SETMQAUT or AUTHREC) will be in effect while using the htpasswd mode.
- Channel Authentication records (CHLAUTH) will be in effect while using the htpasswd mode.
- Passwords should be hashed using bcrypt (golang.org/x/crypto/bcrypt).
- This is a developer-only feature and is not recommended for use in Production.
Preparing htpasswd file
- A default mq.htpasswd file is provided and placed under the /etc/mqm/ directory inside the container.
- You can set the password for user admin by setting the environment variable MQ_ADMIN_PASSWORD.
- You can add user app into the mq.htpasswd file by setting the environment variable MQ_APP_PASSWORD. This user app can be used to access DEV.* objects of the queue manager.
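Before relying on an mq.htpasswd file you have edited, it helps to confirm that every entry really is a bcrypt hash, as the notes above require. The following is an added example, not code from mq-container: the regular expression, the minCost threshold, LintHtpasswd and the sample entries are assumptions made for illustration, and the check is structural only (it does not verify any password).

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Shape of a bcrypt hash: $2<minor>$<two-digit cost>$<53 chars of salt and digest>.
var bcryptRe = regexp.MustCompile(`^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$`)
const minCost = 10 // local policy threshold (assumption, not an MQ setting)

// LintHtpasswd returns one finding per problematic line of htpasswd-format text.
func LintHtpasswd(content string) []string {
	var findings []string
	seen := map[string]bool{}
	for i, line := range strings.Split(content, "\n") {
		if line = strings.TrimSpace(line); line == "" {
			continue
		}
		user, hash, ok := strings.Cut(line, ":")
		m := bcryptRe.FindStringSubmatch(hash)
		if !ok || user == "" {
			findings = append(findings, fmt.Sprintf("line %d: not in user:hash form", i+1))
		} else if seen[user] {
			findings = append(findings, fmt.Sprintf("line %d: duplicate user %q", i+1, user))
		} else if m == nil {
			findings = append(findings, fmt.Sprintf("line %d: %q has a non-bcrypt hash", i+1, user))
		} else if cost, _ := strconv.Atoi(m[1]); cost < minCost {
			findings = append(findings, fmt.Sprintf("line %d: %q has bcrypt cost %d, below %d", i+1, user, cost, minCost))
		}
		seen[user] = true
	}
	return findings
}

// sample is constructed input; the repeated letters are placeholders, not real hashes.
var sample = strings.Join([]string{
	"admin:$2y$10$" + strings.Repeat("A", 53),
	"app:$apr1$abcdefgh$" + strings.Repeat("B", 22),
	"dev:$2y$04$" + strings.Repeat("C", 53),
	"admin:$2y$12$" + strings.Repeat("D", 53),
	"no-colon-here",
}, "\n")

func main() {
	fmt.Println(strings.Join(LintHtpasswd(sample), "\n"))
}
```

An empty result means every entry is a uniquely named user with a bcrypt-shaped hash at or above the chosen cost.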
Next Steps:
Use an administrative tool or your application to connect to the queue manager using the credentials defined in the mq.htpasswd file.
Please note: When an authentication request is made with a userid that is not defined in the mq.htpasswd file, the authentication process is delegated to the queue manager to handle. This will then use IDPWOS or LDAP modes for further processing.
Troubleshooting
A log file named amqpasdev.log is generated under the /var/mqm/errors directory of the container. This file will contain all the failed connection authentication requests.
Please note: This log file uses circular logging, and its maximum size is restricted to 1MB.