SOLUTION: Unix authorisations
kolthorr
Posted: Mon Jan 24, 2005 4:52 am Post subject: SOLUTION: Unix authorisations
Apprentice
Joined: 09 Mar 2002 Posts: 31
Hi all,
Just been through some pain setting up security on Solaris & thought I'd share the solution in case anyone runs into it.
We added MCA userids to new SVRCONN channels for each of our client apps. Then added groups at the Solaris level, applied the various setmqaut permissions, and checked they were OK with dspmqaut. But we were still getting MQRC 2035. Checked the Authority events, they were reporting the expected userids.
Turns out, despite Unix security being applied at the group level, there still needs to be a USER in each group. We had just created empty groups to receive the security which appeared to work. But without a Unix user in them, MQ just didn't want to authorise anything. So we created a user for each group, and a quick REFRESH SECURITY later we were on our way...
Cheers,
Andrew
 |
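An added example, not part of the original posts: a POSIX shell check for the condition described in the first post, reporting which of the groups used with setmqaut have no Unix user behind them. It assumes local /etc/group and /etc/passwd style files, counts a user's primary group as well as supplementary membership (an assumption of this example), and uses constructed group and user names (appa, appb, appc, svcb, svcc).

```shell
#!/bin/sh
# Added example: find Unix groups with no user in them (constructed sample data).
# group_has_user GROUP [GROUP_FILE] [PASSWD_FILE]
# Returns 0 = group has a user, 1 = group exists but is empty, 2 = no such group.
group_has_user() {
    grp=$1; gfile=${2:-/etc/group}; pfile=${3:-/etc/passwd}
    gid=
    while IFS=: read -r name _pw id members; do
        if [ "$name" = "$grp" ]; then
            [ -n "$members" ] && return 0   # supplementary members are listed
            gid=$id
            break
        fi
    done < "$gfile"
    [ -n "$gid" ] || return 2
    # No listed members: look for a user whose primary GID is this group.
    while IFS=: read -r _user _pw _uid pgid _rest; do
        [ "$pgid" = "$gid" ] && return 0
    done < "$pfile"
    return 1
}

# empty_groups GROUP_FILE PASSWD_FILE GROUP... : print each empty or missing group.
empty_groups() {
    gf=$1; pf=$2; shift 2
    for g in "$@"; do
        group_has_user "$g" "$gf" "$pf" || echo "$g"
    done
}

# write_sample DIR : write constructed group and passwd files for the demo.
write_sample() {
    cat > "$1/group" <<'EOF'
mqm:x:100:mqm
appa:x:501:
appb:x:502:svcb
appc:x:503:
EOF
    cat > "$1/passwd" <<'EOF'
mqm:x:100:100::/var/mqm:/bin/sh
svcb:x:601:1:::/bin/false
svcc:x:602:503:::/bin/false
EOF
}

tmp=$(mktemp -d) && write_sample "$tmp"
empty_groups "$tmp/group" "$tmp/passwd" appa appb appc   # prints: appa
rm -rf "$tmp"
```

On a host that resolves groups through NIS or LDAP, save the output of getent group and getent passwd to files and pass those instead.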
zen
Posted: Wed May 18, 2005 11:10 pm Post subject:
Apprentice
Joined: 11 May 2005 Posts: 32 Location: Singapore
Hi,
I happened to view your old post where I'm encountering the same problem. I've been encountering a 2035 Connection Refused Exception when my client program is trying to connect to the MQ server. I was trying to look where I can find the userid that is being sent by my client to the MQ server. I tried looking at the logs and errors but I'm not able to see them. Can you please guide me on where and how I can see, in the QM server, the userid that is being passed by the client during connection?
Thank you very much!
zen
 |
vennela
Posted: Thu May 19, 2005 5:53 am Post subject:
Jedi Knight
Joined: 11 Aug 2002 Posts: 4055 Location: Hyderabad, India
zen wrote:
Hi,
Can you please guide me on where and how I can see, in the QM server, the userid that is being passed by the client during connection?
Thank you very much!
zen
What programming language is the client app written in?
 |
kolthorr
Posted: Fri May 20, 2005 8:06 am Post subject:
Apprentice
Joined: 09 Mar 2002 Posts: 31
Probably the easiest client-independent way is to turn on queue manager authorisation events:
- in runmqsc, enter ALTER QMGR AUTHOREV(ENABLED)
Then run your app, see the failure. Then use a tool to browse the SYSTEM.ADMIN.PERFM.EVENT queue (e.g. SupportPac MO71) which will show you the message detail. This message will contain the userid your app sent.
Java apps won't send a userid by default. C apps will send the userid they're run as.
Cheers,
Andrew