ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » OAM Security between two MQ managers

Post new topic  Reply to topic
 OAM Security between two MQ managers « View previous topic :: View next topic » 
Author Message
pratim
PostPosted: Thu May 02, 2002 4:47 am    Post subject: Reply with quote

Newbie

Joined: 30 Apr 2002
Posts: 2
Location: Deere & Company
I have defined two users USERA and USERB and two local queues QUEUEA QUEUEB. My Q manager is in AIX machine.

USERA can not put message to a queue QUEUEB authorized to only USERB. When users are coming through servercon channel OAM security working OK.

But when USERA is using another MQManager (OS/390) coming through Xmit queue, sender/receiver channel. OAM is not restricting the user to put message to a queue (QUEUEB)which is not authorized for USERA to put message. I can see proper user identifier in MQMD field.

My question is how to put restriction on that. Why OAM is not checking for ACL ?

Any help will be appreciated.

Thank you ,

Pratim Pathak
Back to top
View user's profile Send private message
kolban
PostPosted: Thu May 02, 2002 7:28 am    Post subject: Reply with quote

Grand Master

Joined: 22 May 2001
Posts: 1072
Location: Fort Worth, TX, USA
What version and CSD of MQSeries are you running on the AIX machine? Did the channel start before you defined the security attributes? Is the case of the user's the same? Put a message to a queue (any queue) as USERA and also do the same coming from S/390 to the same queue. Use amqsbcg to browse the queue and compare the two MQMD headers of the two messages ... look for differencies.
Back to top
View user's profile Send private message
StefanSievert
PostPosted: Thu May 02, 2002 8:50 am    Post subject: Reply with quote

Partisan

Joined: 28 Oct 2001
Posts: 333
Location: San Francisco
Also, check the PUTAUT attribute of your receiver channel definition on the AIX box, it should be set to PUTAUT(CTX) not PUTAUT(DEF) (the default).
Stefan

_________________
Stefan Sievert
IBM Certified * WebSphere MQ
Back to top
View user's profile Send private message
pratim
PostPosted: Mon May 06, 2002 11:11 am    Post subject: Reply with quote

Newbie

Joined: 30 Apr 2002
Posts: 2
Location: Deere & Company
I am running CSD01 in my AIX MQ Manager. Receiving channel is being used by other users. If I change PUTAUT in the receiver channel, other users may be affected.
Not every user is defined in OAM. When we migrated from MQ Series 5.0 to 5.1. We created a security exit program to a generic mquser. And everybody is alowed to acess and put message to any queue in the Qmanager.
Now, business requires to restrict user on queue to queue basis. We have to move with no security to OAM security gradually. Since to add all users to the O/S is involved Unix administrator. I was wondering if there is any other way to stay in both situation.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » OAM Security between two MQ managers
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.