View Presentation Slides Here

IBM MQ CONNAUTH/CHLAUTH Doesn't Work Like You Think it Does (and if you aren't careful may not work at all)

Native MQ password authentication (CONNAUTH) introduced in IBM MQ v8.0 has gotten off to a rough start. As of Fix Pack 8.0.0.5, the interaction between CONNAUTH and CHLAUTH has exhibited 5 distinct behaviors. After applying Fix Packs some of these cause hard failures while others silently over-authorize client users, leaving the queue manager exposed. This webcast will present findings from our CONNAUTH/CHLAUTH security research as well as recommendations for MQ users and the audit community. 

Speaker: T.Rob Wyatt is an independent consultant who has been working with IBM MQ for over 20 years. Professionally he spends about half his time designing MQ architectures, clusters and HA solutions, and the other half focusing on security and figuring out how to break MQ. His latest project is mapping out MQ's security behaviors when using password authentication, which produced the findings presented in this webinar. T.Rob is a frequent speaker at IBM conferences and MQ Tech Conference, a prolific blogger, and was recognized as an IBM Champion in 2016 for his contributions to the MQ community.