Capitalware Inc. would like to announce the official release of MQ Authenticate User Security Exit v2.0.0. This is a FREE upgrade for ALL licensed users of MQ Authenticate User Security Exit. MQ Authenticate User Security Exit is a solution that allows a company to fully authenticate a user who is accessing a WebSphere MQ resource. It authenticates the user’s UserID and Password (and possibly Domain Name) against the server’s native OS system, LDAP server, Microsoft’s Active Directory, Quest Authentication Services, Centrify’s DirectControl or an encrypted MQAUSX FBA file.
For more information about MQ Authenticate User Security Exit go to:
https://www.capitalware.com/mqausx_overview.html
Changes for MQ Authenticate User Security Exit v2.0.0:
- Server-side:
  - MQAUSX server-side security exit defaults to use AES 256-bit encryption for user credentials
  - Added support for authentication against Quest Authentication Services (QAS) aka Vintela Authentication Services on Unix/Linux
  - Added support for authentication against Centrify’s DirectControl (CDC) on Unix/Linux
  - Added keyword UseLDAPGroupSearchBindDN so that the bindDN and BindPswd will be used for an LDAP Search if UseLDAPBindDN is set to No
  - Added keyword UseLDAPAuthCompare so that the LDAP bind will be used for authentication rather than LDAP compare
  - Added keywords UseAllowHostname and AllowHostname to only allow hosts by name (reverse lookup of incoming IP address)
  - Added keywords UseRejectHostname and RejectHostname to explicitly reject a hostname (reverse lookup of incoming IP address)
  - Added keywords UseAllowHostByName and AllowHostByName to only allow hosts by name
  - Added keywords UseRejectHostByName and RejectHostByName to explicitly reject a hostname
  - Added keyword SystemLogMessage to control what type of messages (‘accepted’ and/or ‘rejected’) are written to the system log
  - Added keywords UseGroups, Groups, UseGroupFile & GroupFile
  - Added program cwdspver to display the product version number
  - Added code in the Ini parser to distinguish between ‘ABC’ and ‘ABCDEF’ keywords
  - enc_pwd program defaults to use AES 256-bit encryption
  - Increased the accepted IniFile parameter length from 1024 to 2048 characters
  - Added support for non-default install for the WMQ v7.1 & higher multi-install feature on IBM i, Linux, Unix and Windows
  - Added 64-bit client-side security exit for Windows
  - Updated LDAPGroupSearchBase and LDAPGroupSearchFilter processing to replace all occurrences of %USERID% – not just the 1st occurrence
  - Updated the “Connection accepted” log record to include the UserID set for the connection
  - Updated MCC logic so that a command server failure does not affect the exit
  - Changed MCCRedoCount default value from 1000 to 5000
  - Fixed a bug with LDAP ANR processing
  - Fixed a bug with ConnectionName when both IPv4 and IPv6 stacks are used
  - Fixed a bug with UseAuthOrder and AuthOrder
  - Fixed a bug in the in-memory Ini parser
  - Fixed a bug with Proxy file processing
  - Fixed a bug in the AllowSSLDN processing
  - Fixed a bug in CWCHAD when NoAuth is used
  - Fixed a bug in AllowHostname on Linux
  - Fixed an issue with BackupLogFileCount (across all products)
  - Fixed a bug with SSLPeerNamePtr field
  - Fixed a memory leak with LogonUser API call on Windows
  - Fixed a bug with LDAP SSL looping again when a failed authentication happens
  - Fixed weird error with dlsym on Solaris
  - Tested with WMQ v7.5
- Client-side:
  - MQAUSX client-side security exit defaults to use AES 256-bit encryption for user credentials
  - enc_clnt program defaults to use AES 256-bit encryption
  - Fixed the font for CCDTE and Encrypted Client GUI
  - Added support to explicitly reject an IP address and/or hostname (RejectConName / MQAUSX_REJECT_CONNAME)
  - Added support to explicitly reject a queue manager (RejectQMgrName / MQAUSX_REJECT_QMGR_NAME)
  - Fixed a bug in MQAUSXJ in processing SCYDATA using inline parameters (u=…;p=…)
  - Added code to get around APAR IZ69820
Regards,
Roger Lacroix
Capitalware Inc.