No app.Ids on container and access control

Open hpoluru999 opened this issue 5 years ago • 1 comments

Trying to provide the MQv9.1.4.0-r1 Linux container on OpenShift Container Platform at our company and realized app.ids (client ids) were not created on the MQ container. With the absence of app.ids on the container, how would chlauth be configured and under which authority would channel connections run? How would access to queues be limited to an application id? Authrecs were not able to be set for app.id (non-existing on container) and the container is not usable.

hpoluru999, May 25 '20 17:05

I'm not sure what you mean by "app.ids". In the MQ 9.1.5.0-r1 image, we removed the local "operating system" (OS) user ID "mqm" and the group "mqm". In the corresponding MQ 9.1.5.0-r1 MQ Advanced for Developers image, there is also no "app" or "admin" user, and no "mqclient" group. The MQ 9.1.4 images were unaffected by this change though.

In the MQ 9.1.5 case, and in future versions, you need to use LDAP for authentication as described in the MQ Knowledge Center. The change in MQ 9.1.5 is due to conformance with Red Hat's security standards for the OpenShift Container Platform, where the recommendation (and default) is to disallow the use of local OS users for security reasons.

arthurbarr, May 26 '20 07:05