T.Rob Wyatt of IoPT Consulting has published an extremely extensive blog posting on the use of UserID/Password and CHLAUTH rules with IBM MQ V8 and V9.
You can find it here: https://t-rob.net/2016/10/25/mq-idpwos-chlauth-exec-summary/
He did huge number and variety of tests against 9 different releases of MQ. A big thumbs up for the effort in creating and performing these tests. If you review the spreadsheet that T.Rob has put together you would think that MQ has multiple personalities. Its rather shocking.
Of course, as a vendor of security products for MQ, it has to make me ask, why don’t we let IBM MQ do what its best at ‘message and queuing’ and let MQAUSX (and/or z/MQAUSX) handle the authentication and filtering of UserIDs, IP address, hostnames, SSL values, etc..
Regards,
Roger Lacroix
Capitalware Inc.
