ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » MQ security question

Post new topic  Reply to topic
 MQ security question « View previous topic :: View next topic » 
Author Message
guest468
PostPosted: Fri Jul 18, 2008 7:49 am    Post subject: MQ security question Reply with quote

Centurion

Joined: 30 May 2006
Posts: 146
Location: NY
Hi,
I am trying to connect to a QMGR using a svrconn which has mcauser set to null. I can connect to it from java (eclipse) but get authorization error if i try from C.
My understanding is if mcauser is set to null then QMGR uses user's own id to authenticate based on OAM entries. I am inside intranet so I assume my doman-id is what getting matched in OAM. But this id doesnot have any authrorization set (using setmqaut). So i am wondering how my java program is able to connect? (but when i set the mcauser to 'junk' then i get proper authorization error)

Any info on this appreciated.
Thanks
Back to top
View user's profile Send private message
SAFraser
PostPosted: Fri Jul 18, 2008 8:15 am    Post subject: Reply with quote

Shaman

Joined: 22 Oct 2003
Posts: 742
Location: Austin, Texas, USA
If you don't specifically set a user ID in your java code for connection purposes, I believe it connects by default as 'mqm'. With no mcauser set on the channel, the 'mqm' user is passed to the queue manager.

When you set the mcauser to 'junk', although your java program connects to the queue manager as 'mqm', the access to the queues themselves is by the user 'junk' - therefore, the authorization fails.

There are a number of ways to make this more secure, depending upon your site's needs.

(I hope I understood your question correctly?)
Back to top
View user's profile Send private message
sridhsri
PostPosted: Fri Jul 18, 2008 8:52 am    Post subject: Reply with quote

Master

Joined: 19 Jun 2008
Posts: 297
When MQ Client ID is unset or blank, MCA User ID is blank, you should be able to connect because the MCA process id is used.

When MQ Client ID is unset or blank, MCA User ID is Authorized user, you should be able to connect because the authorized user's credentials are used

Irrespective of when MQ Client ID is set or unset, if an unauthorized user is used for MCA User, you will NOT be able to connect.

To summarize, if you set an MCA user, then that is used for authenticating. If it is not set, then the MQ Client Id is used.
Back to top
View user's profile Send private message
vinbud117
PostPosted: Sun Jul 20, 2008 6:07 am    Post subject: Reply with quote

Acolyte

Joined: 22 Jul 2005
Posts: 61
sridhsri is perfect.

So in your case, maybe, the java program is not setting any ClientID and the MCAUSER id is blank. So the 'mqm' id is used for authorization.

Since, mqm has all privileges, the Java program is able to connect.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » MQ security question
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.