MQ / Message Broker Security |
JosephGramig |
Posted: Fri May 31, 2013 12:25 pm Post subject: |
|
|
 Grand Master
Joined: 09 Feb 2006 Posts: 1244 Location: Gold Coast of Florida, USA
|
rammer wrote: |
Question here is that user IDs from Windows machines are 15 plus, I believe on AIX we can only use up to 8 characters. |
On the AIX you can look in the /etc/passwd file to see if their ID exists, and you can issue the group command followed by that ID to see what groups it is a member of, to understand what groups to use in grants. Bottom line, if the ID isn't on the AIX box, then it will be rejected. You can also map all IDs from that/those IP addresses to an AIX ID.
It would seem you are actively avoiding answering the most basic questions, which makes it quite hard to help you.
Also, when the connection attempt is made and rejected, it is recorded with the ID in the Qmgr's error log (if this is MQ V7.1 and up).
"Derby City" is my city's nickname because the most famous horse race in the universe is held here on the first Saturday in May every year. Don't they eat horses in Europe?  |
|
mqjeff |
Posted: Fri May 31, 2013 12:27 pm Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
JosephGramig wrote: |
"Derby City" is my city's nickname because the most famous horse race in the universe is held here on the first Saturday in May every year. Don't they eat horses in Europe?  |
It's quite an event, for all of about a minute and a half. |
|
zpat |
Posted: Fri May 31, 2013 12:32 pm Post subject: |
|
|
 Jedi Council
Joined: 19 May 2001 Posts: 5867 Location: UK
|
lsuser <id>
This will show the userid on AIX, and the groups it is a member of. |
|
Vitor |
Posted: Fri May 31, 2013 1:53 pm Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
JosephGramig wrote: |
Don't they eat horses in Europe?  |
Only the ones that finish last.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
mqjeff |
Posted: Sat Jun 01, 2013 3:32 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
Vitor wrote: |
JosephGramig wrote: |
Don't they eat horses in Europe?  |
Only the ones that finish last. |
I guess it depends on where you buy your ground beef... |
|
smdavies99 |
Posted: Sat Jun 01, 2013 7:12 am Post subject: |
|
|
 Jedi Council
Joined: 10 Feb 2003 Posts: 6076 Location: Somewhere over the Rainbow this side of Never-never land.
|
JosephGramig wrote: |
"Derby City" is my city's nickname because the most famous horse race in the universe is held here on the first Saturday in May every year. Don't they eat horses in Europe?  |
Strange that, I thought that was the Epsom Derby (where the term 'Derby' originated) that is taking place today.
http://en.wikipedia.org/wiki/Epsom_Derby
Quote: |
The Derby originated at a celebration following the first running of the Oaks Stakes in 1779. A new race was planned, and it was decided that it should be named after either the host of the party, the 12th Earl of Derby, or one of his guests, Sir Charles Bunbury. According to legend the decision was made by the toss of a coin, but it is probable that Bunbury, the Steward of the Jockey Club, deferred to his host.[2] The inaugural running of the Derby was held on Thursday 4 May 1780. It was won by Diomed, a colt owned by Sir Charles Bunbury, who collected prize money of £1,065 15s. The first four runnings were contested over 1 mile, but this was amended to the current distance of 1½ miles in 1784. Lord Derby achieved his first success in the event in 1787, with a horse called Sir Peter Teazle. |
IMHO, any other horse race with the word 'Derby' in the name is an impostor/imitator/newcomer.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
fjb_saper |
Posted: Sat Jun 01, 2013 10:57 am Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20763 Location: LI,NY
|
mqjeff wrote: |
I guess it depends on where you buy your ground beef... |
Hopefully not in a "boucherie chevaline" ...
_________________
MQ & Broker admin |
|
rammer |
Posted: Sun Jun 02, 2013 4:14 pm Post subject: |
|
|
Partisan
Joined: 02 May 2002 Posts: 359 Location: England
|
Afternoon all,
Who would have thought that a 10-hour flight from London to California can go so quick when you have MQ Security Manual and some VMs to play with.
<Joseph, I am not deliberately ignoring your questions, so I apologise and am grateful for assistance from everyone on here>
With 10 hours to play on the flight, this is what I set up, and it possibly may give what I was looking for. I am open to all comments pointing out changes needed.
To summarise.
The MQ Team do not support nor carry out support of Message Broker either in Development or Production Environments (at the moment)
so at present I am looking at the Developers environments and what they inform me they use.
MB Toolkit
MB Explorer
RFHUtil
This is what I have done
Added MB User ID to mqm group
Created a Queue Manager
Allowed MB Team to define MB Instance
Then removed user ID from mqm to stop them using runmqsc etc
Created a channel MB.SVRCONN
Enabled chlauth
locked down all SYSTEM. Channels
Configured BLOCKIP2 to allow access for certain IP range, named users and mapped to ID mqmmqi
Allowed connect to QMGR for mqmmqi
Allowed INQ, PUT, SET to all SYSTEM.BROKER.QUEUES
Allowed permissions for mqmmqi to SYSTEM.MQEXPLORER* AND SYSTEM.DEFAULT.MODEL.QUEUE (I have given too open permissions for these queues, need to tighten them up)
Allowed browse to DLQ
So in testing, if MB Team create an Execution Group via Toolkit, it fails that it cannot create the SYSTEM.BROKER.AUTH.XXX QUEUE.
I create this and give permissions for inq, put, set
MB Team can then deploy to it successfully
In MB Explorer they can view queues, messages etc.
What they cannot do is put to queues such as DLQ, Cluster.Transmit.Q
They cannot Create nor Delete objects
They cannot Alter QMGR Properties
Thank you in advance |
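
One way to check the outcome listed in the post above (no create, delete or alter rights, no put to the DLQ or cluster transmit queue, no over-open grants), as an added example that is not part of the original thread. It assumes the authority records arrive in the stanza layout that `dmpmqaut` prints, and that the two queues carry their default names SYSTEM.DEAD.LETTER.QUEUE and SYSTEM.CLUSTER.TRANSMIT.QUEUE; the sample stanzas are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: audit authority stanzas for one entity.
# Assumption: input uses the "profile: / object type: / entity: / entity type: /
# authority:" stanza layout; the entity, profiles and grants below are constructed.

sample_dump() {   # constructed sample; on a real system feed dmpmqaut output in
cat <<'EOF'
profile:     self
object type: qmgr
entity:      mqmmqi
entity type: group
authority:   connect inq

profile:     SYSTEM.BROKER.**
object type: queue
entity:      mqmmqi
entity type: group
authority:   inq put set

profile:     SYSTEM.MQEXPLORER.REPLY.MODEL
object type: queue
entity:      mqmmqi
entity type: group
authority:   allmqi dsp

profile:     SYSTEM.DEAD.LETTER.QUEUE
object type: queue
entity:      mqmmqi
entity type: group
authority:   browse
EOF
}

audit_grants() {  # $1 = entity to audit; stanzas on stdin; one finding per line
  awk -v who="$1" '
    /^profile:/     { prof  = $2 }
    /^object type:/ { otype = $3 }
    /^entity:/      { ent   = $2 }
    /^authority:/ && ent == who {
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^(all|alladm|crt|dlt|chg|clr)$/)      # create/delete/alter
          print "ADMIN", otype, prof, $i
        else if ($i == "allmqi")                         # every MQI verb at once
          print "BROAD", otype, prof, $i
        else if ($i == "put" && prof ~ /^SYSTEM\.(DEAD\.LETTER|CLUSTER\.TRANSMIT)\.QUEUE$/)
          print "PUT", otype, prof, $i
      }
    }'
}

sample_dump | audit_grants mqmmqi
```

The check matches profile names literally, so a generic profile that happens to cover the DLQ or the transmit queue still needs a per-queue `dspmqaut` lookup.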
|