-
Notifications
You must be signed in to change notification settings - Fork 186
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No app.Ids on container and access control #406
Comments
I'm not sure what you mean by "app.ids". In the MQ 9.1.5.0-r1 image, we removed the local "operating system" (OS) user ID "mqm" and the group "mqm". In the corresponding MQ 9.1.5.0-r1 MQ Advanced for Developers image, there is also no "app" or "admin" user, and no "mqclient" group. The MQ 9.1.4 images were unaffected by this change though. In the MQ 9.1.5 case, and in future versions, then you need to use LDAP for authentication as described in the MQ Knowledge Center. The change in MQ 9.1.5 is due to conformance with Red Hat's security standards for the OpenShift Container Platform, where the recommendation (and default) is to disallow the user of local OS users for security reasons. |
Trying to provide MQv9.1.4.0-r1 linux container on OpenShift container platform at our company and realized app. Ids(client ids) were not created on MQ container. With the absence of app.ids on container how would chlauth configured and under which authority channel connections run?. How would access to queues limited to an application id?. Authrecs were not able to set for app.id (non existing on container) and container is not usable.
The text was updated successfully, but these errors were encountered: