From IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide
Part of SRG-APP-000516-NDM-000336
Associated with: CCI-000366 CCI-000370
The use of authentication servers or other centralized management servers for providing centralized authentication services is required for network MQ Appliance device management. Maintaining local administrator accounts for daily usage on each MQ Appliance network device without centralized management is not scalable or feasible. Without centralized management, it is likely that credentials for some MQ Appliance network devices will be forgotten, leading to delays in administration, which itself leads to delays in remediating production problems and in addressing compromises in a timely fashion.
Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings. Verify the Authentication Method is set to LDAP. Verify only one Fallback user is specified. If administrative accounts other than the Fallback user are on the local MQ appliance, this is a finding.
Log on to the MQ Appliance WebGUI as a privileged user. Go to Administration (gear icon) >> Access >> RBM Settings. Set Authentication Method to LDAP. Configure LDAP server connection requirements as required. Specify one privileged Fallback user. Remove unauthorized Fallback users or admin accounts.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer