| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| RFHUTILC & Set User Id |
« View previous topic :: View next topic » |
| Author |
Message
|
| borats_lovechild |
 Posted: Tue May 15, 2007 8:43 am Post subject: RFHUTILC & Set User Id |
 |
|
Newbie
Joined: 15 May 2007
Posts: 3
Location: Harmondsworth
|
I'm using RFHUTILC against multiple servers, I can connect fine to the first one but I get a 2035 authorisation failure against the second one.
I am using the same Id for each, but it is a different password between machines.
I am concerned that the Set User Id dialog isn't saving the Id correctly, as even if I put User='blahblah' Password='nonsense' for instance it will still happily connect to the first machine.. so if giving the wrong information doesn't prevent me connecting to the first one, maybe it's not getting the changed password to enable me to connect to the second one.
This is using RFHUTIL(C) V4.2.0, build 187 (Sep 7 2006) on WinXp.
The first server is AIX I think, the second (naughty) one is Solaris.
Any ideas anyone? |
|
| Back to top |
|
 |
| zpat |
| Posted: Tue May 15, 2007 8:53 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
| You could use the contact admin option and create a local id to match the one you want to run against. In many cases the password is not checked at the queue manager end. |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Tue May 15, 2007 9:00 am Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
Hi,
Unless you / your MQ Admin has implemented a security solution on those remote queue managers then MQ ignores the UserId and Password sent in the MQCSP security structure.
Hence, when you connect to the remote queue manager via RFHUTILC, the installed MQ Client code is retrieving your Windows logged on UserId and sending it to the remote queue manager (regardless of what you put in the security section).
Therefore, one of 2 things are happening:
- The SVRCONN channel has an authorized UserId in the MCAUSER field of the channel (very bad idea)
- Or your Windows UserId is authorized to one system but not to the other.
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| borats_lovechild |
| Posted: Tue May 15, 2007 9:09 am Post subject: |
|
|
Newbie
Joined: 15 May 2007
Posts: 3
Location: Harmondsworth
|
OK, this might make some sense.. I have a note from someone who uses Machine A - "all these channels give access to any of the queues on the queue manager as they use the 'mqm' user to determine access".. so it sounds like they are set up with mqm as the MCAUSER.
(These are development systems, I'm sure we don't do such things on Live..)
But there must be authorisation required to get me to Unix before we can even start thinking about MQ?? How does that work? |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Tue May 15, 2007 9:19 am Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
Hi,
| borats_lovechild wrote: |
| (These are development systems, I'm sure we don't do such things on Live..) |
You would be surprised what people have setup in their production systems.
Well, have your MQ Admin setup the Solaris queue manager then same as the AIX queue manager.
Or you can do the contact admin, as zpat suggested.
Or you can exploit a known security hole (But I am not suggesting this.):
http://www.mqseries.net/phpBB2/viewtopic.php?t=21782
Or you can switch to a Java tool that allows you to optionally set a UserId, hence, exploiting the same security hole (But I am not suggesting this).
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
