| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| RACF authentication |
« View previous topic :: View next topic » |
| Author |
Message
|
| hcsiu |
 Posted: Thu May 22, 2003 4:39 am Post subject: RACF authentication |
 |
|
Newbie
Joined: 22 May 2003
Posts: 3
|
Hi,
Does anyone knows if Websphere MQ client 5.3 on Windows works with MQ Server 5.2.1 on OS390?
Another question is how can I pass the CICS userid and password from Windows MQ client to RACF ?
Many thanks in advance. |
|
| Back to top |
|
 |
| zpat |
| Posted: Thu May 22, 2003 5:16 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
Should be no problem with mixing that level of client and server.
Don't understand the question about RACF. MQ will pass the Windows id to the server for authentication, if that is also a RACF userid (watch for upper case needed) then it will work assuming it has the access rights.
The actual security on the application depends how you handle the messages. For example we have a long running CICS transaction that reads the queue, and then starts the requested transaction under authority of the RACF userid obtained from the MQ message.
You will need to permit the CICS region id access to the SURROGAT resource so that you can issue EXEC CICS START with the USER parameter.
| Code: |
RDEFINE SURROGAT *.DFHSTART UACC(NONE) OWNER(*)
PERMIT *.DFHSTART CLASS(SURROGAT) ID(CICS Region Id) ACC(READ)
|
However since anyone can set a NT userid value up - you should verify the RACF userid and password using the CICS VERIFY security verbs.
Have a look at MQ UPDATE issue 4 (Oct 1999) - this back issue is available free from http://www.xephon.com/journals/more/MQ
PS - If anyone wants a current subscription to MQ UPDATE please drop me a PM here, I can get you a discount.
http://www.xephon.com./updates/MQf.html |
|
| Back to top |
|
|
| hcsiu |
| Posted: Thu May 22, 2003 6:18 pm Post subject: |
|
|
Newbie
Joined: 22 May 2003
Posts: 3
|
Thanks very much zpat.
The set up is like this:
Windows 2000 with MQ client 5.3
MQ server 5.2.1 installed on OS390
When a message is put from Windows appl to MQ, does the MQ server challenage the request?
There is another CICS txn program to read from the Q and requires a specific CICS user ID in order to create the transaction, how does the Windows appl pass this information over.
Thanks again for you help. |
|
| Back to top |
|
|
| mgrabinski |
| Posted: Thu May 22, 2003 10:56 pm Post subject: |
|
|
Master
Joined: 16 Oct 2001
Posts: 246
Location: Katowice, Poland
|
Hi,
There two seperate issues in your post:
1) authenticating the Windows user to allow him to connect to z/OS and put messages there
2) assigning a userID for the CICS transaction that will read messages
The first can be solved for example by creating a user at Win with name matching a suitable RACF profile.
As for the latter, your CICS transaction can be either triggered by incoming message(s) - it will then run under the userID of MQSeries trigger monitor, or it can be run manually - and will have a user of your choice.
_________________
Marcin Grabinski <>< |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
