IBM Integration Community Come for answers. Stay for best practices. All we’re missing is you. Join / Log in Ask a question
I'm trying to find in MQ docs a paragraph saying user "mqm" on a AIX box doesn't need to have a password. I only find it's optional. Where can I find that info, saying "mqm" user don't need password? .
In my opinion, that is a really bad idea. Every UserId should have a strong password associated with it. Otherwise, you are leaving the door wide open for hackers.
thanks Roger! that is a really good point!
On UNIX systems, the mqm userid does not need to have a known or usable password. It is not required for systemd to start queue managers. If necessary, MQ admin staff userids should have sudo rules to allow switching to mqm without requiring a password, or sudo rules that allow particular commands to be run as mqm. This takes security out of the realm of "need to know the password and store it somewhere safe".
Yes, the user "mqm" is only used for running queue managers, no one used it to logon, we (the admin staff team) have sudo to the user "mqm". This is the normal way I manage MQ servers (unix's). But I have a installation where a passwd was defined for user "mqm", and someone used it to logon. Now I can remove logon possibility, remove password for the "mqm", or define a complex password. I guess the second option is better as Roger suggested.