As of version 7.1 of MQ, the default security configuration is more restrictive and as such will probably need to be modified further before you can get a successful connection via a channel that has mcauser('mqm').
Refer to the WebSphere MQ documentation for further information if you still want to use the ‘mqm’ user. It is recommended that you create a new user for LAMAXU to user and apply the OAM authorities as described below.
Please replace the values below with the correct ones for your installation.
{qmgr} Queue Manager Name
{User} The MQ user being used by Lamaxu
The MONQ and MONCHL must be set to MEDIUM or higher to enable MQ to publish the Status and event information.
Use the MQSC commands below to modify the queue manager configuration and restart the LAMAXU agent.
ALTER QMGR CHLEV(ENABLED) +
MONCHL(MEDIUM) +
MONQ(MEDIUM) +
PERFMEV(ENABLED) +
STATCHL(MEDIUM) +
STATQ(ON) +
FORCE
For the purposes of this example the username 'lamaxu' has been used.
DEFINE CHANNEL('LAMAXU.CHANNEL') CHLTYPE(SVRCONN) MCAUSER('lamaxu')To disable the security on the SVRCONN channels execute the following runmqsc commands below.
Note: this should only be performed in DEV for testing purposes.
ALTER AUTHINFO('SYSTEM.DEFAULT.AUTHINFO.IDPWOS') AUTHTYPE(IDPWOS) CHCKCLNT(OPTIONAL)
REFRESH SECURITY TYPE(CONNAUTH)
ALTER QMGR CHLAUTH(DISABLED)The commands below are MQ 'runmqsc' commands that need to be executed by an MQ privileged user, like the 'mqm' user.
ALTER QMGR CONNAUTH(USE.PW) CHLAUTH(ENABLED)
ALTER AUTHINFO(USE.PW) +
AUTHTYPE(IDPWOS) +
FAILDLAY(10) +
CHCKLOCL(REQUIRED) +
CHCKCLNT(REQUIRED)
REFRESH SECURITY TYPE(CONNAUTH)
PE {QMGR}.RESET.* CLASS(MQCMDS) ID({USER}) ACCESS(CONTROL)
PE {QMGR}.QUEUE.* CLASS(MQADMIN) ID({USER}) ACCESS(CONTROL)
SETR GENERIC(MQCMDS) REFRESH
SETR GENERIC(MQADMIN) REF
SETR RACLIST(MQADMIN) REFREFRESH SECURITY