| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
| ALTERNATE_USER_AUTHORITY - Connecting with another UserID |
« View previous topic :: View next topic » |
| Author |
Message
|
| mvic |
 Posted: Wed Nov 16, 2011 3:13 pm Post subject: |
 |
|
Jedi
Joined: 09 Mar 2004
Posts: 2080
|
| ASkydiver wrote: |
This is where my lack of MQ experience may show, I'm in the development phase of the program, so to make the connection to the QueueManager I set the
MQEnvironment.UserId = ...
MQEnvironment.Password = ... |
I see why that looks the right thing to do.
It's not, though. According to the manual, the values you set here are put in an MQCSP block. This block is sent to the server at some point during initial client/server handshaking. The server might do something with the MQCSP data (or might not) but that userid/password data is quite separate from the ID your app is running under.
http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/topic/com.ibm.mq.csqzav.doc/un10790_.htm
http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/topic/com.ibm.mq.csqzas.doc/sy11220_.htm
mqjeff has re-iterated the major points, with asterisks. So there's no need for me to do that.
You do indeed need to get answers on how you're expected to test apps from your security folks, we're unlikely to know your environment better than them.
Hope this helps  |
|
| Back to top |
|
 |
| ASkydiver |
| Posted: Wed Nov 16, 2011 3:40 pm Post subject: |
|
|
Newbie
Joined: 16 Nov 2011
Posts: 8
|
| "mqjeff wrote: |
You can NOT change the identity of the user from WITHIN your program.
You would not expect Microsoft Word to allow you to pretend to be the domain administrator, would you?
You *must* ensure that your *program* is *running* as the userid that needs to connect.
The admins who have configured your MQ security exits appear fully qualified to understand your needs, and to provide you with a suitable mechanism to execute your code to meet your development, test, and production requirements.
You should be talking to THEM more. |
Thank you to all for being so paitent and pointing me in the right direction. Yes you are right, after spending quiet a bit of time with the MQ admins, we worked it out that the MQ Admins had to add my user id as a valid user on the the MQ Server and then add it to the authentication list, as well as the correct groups that have access to the MQ objects. Now it's working fine.
Thank you once again, I really appreciate the help you give to newbies. |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Thu Nov 17, 2011 4:28 pm Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
| mvic wrote: |
| According to the manual, the values you set here are put in an MQCSP block. This block is sent to the server at some point during initial client/server handshaking. The server might do something with the MQCSP data (or might not) but that userid/password data is quite separate from the ID your app is running under. |
The queue manager does absolutely NOTHING with the MQCSP structure. The queue manager will pass the MQCSP structure to any security exit defined to the channel and to any OAM MQZ_AUTHENTICATE_USER exits. It is up to these exits to do something with (i.e. authenticate) the UserId and Password in the MQCSP structure.
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
