| Author |
Message
|
| msathe |
 Posted: Thu Dec 01, 2005 5:10 am Post subject: Setting UserIdentifier using C, getting 2035 |
 |
|
Newbie
Joined: 01 Dec 2005
Posts: 3
|
hi,
Im trying to connect to a remote QM using mqconnx and I want to send PCF messages. only 'mqm' user has admin permission on the QM. so i have to run the program by logging in as 'mqm' user id from the client machine. otherwise it throws 2035. I tried to set the user id in the program:
strcpy(ClientConn.UserIdentifier, "mqm");
strcpy(ClientConn.Password, "apple1");
but it does not work. In Java even if we do not specify the user id in the MQEnv and the program is running as a different user then also the connection goes thru fine.
Thanks
[/i] |
|
| Back to top |
|
 |
| jefflowrey |
| Posted: Thu Dec 01, 2005 5:28 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
You can't override the native OS user in the C++ API.
The Java API can't access the native OS User. If no user is specified, the Java API specifies a blank user. In the default configuration, a blank user is treated as the MQM user, thus having full priviledges...
I don't remember the name of the setting that allows you to disable this treatment of a blank user... and I solve this security flaw in a different manner, myself.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| msathe |
| Posted: Thu Dec 01, 2005 5:39 am Post subject: |
|
|
Newbie
Joined: 01 Dec 2005
Posts: 3
|
thanks for the quick response.
I cannot run the program as a 'mqm' user or any specific user. So the authentication info has to be constructed in the runtime.
Could you please tell me if there is any workaround. or the way you deal with this problem. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Thu Dec 01, 2005 5:51 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
Sorry.
I made a mistake. The MQCONNX call can override the userid.
Just not in the fields you are using.
In v5, the field I think you want is the "Remote Security ID" in the MQCD.
The User Identifier field and password field you are trying to use are marked for LU6.2 only, not for TCP/IP.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| msathe |
| Posted: Thu Dec 01, 2005 6:26 am Post subject: |
|
|
Newbie
Joined: 01 Dec 2005
Posts: 3
|
thanks,
But Im still getting the same error. I tried following.
strcpy(ClientConn.RemoteUserIdentifier, "mqm");
strcpy(ClientConn.RemotePassword, "apple1");
strcpy(ClientConn.RemoteSecurityID, "mqm");
Note: RemoteSecurityID is not available at all libraries. It got compiled at one location.
What is 'LongRemoteUserIdPtr' and 'LongRemoteUserIdLength'. how to use it and set its value. Do we have to use it. |
|
| Back to top |
|
|
| oz1ccg |
| Posted: Fri Dec 02, 2005 11:57 am Post subject: |
|
|
Yatiri
Joined: 10 Feb 2002
Posts: 628
Location: Denmark
|
You can't overwrite the user id on the C client, it will pass on the signed on userid.....
To override it you need a security exit of some kind.
You can write your own, buy one like the Tivoli package.
There are also some free versions like my BlockIP2 at http://www.mrmq.dk/BlockIP2.htm
Just my $0.02 
_________________
Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
|
| Back to top |
|
|
| hopsala |
| Posted: Fri Dec 02, 2005 11:23 pm Post subject: Re: Setting UserIdentifier using C, getting 2035 |
|
|
Guardian
Joined: 24 Sep 2004
Posts: 960
|
| msathe wrote: |
| I cannot run the program as a 'mqm' user or any specific user. So the authentication info has to be constructed in the runtime. |
?
No process on any operation system on earth can run "with no user", what did you mean by this?
| msathe wrote: |
| only 'mqm' user has admin permission on the Q |
But anyway, no need for all this messing about with exits - Just give the user you wish to use admin permissions, or run your appl under mqm. Look up "setmqaut" here and in the manuals; If this is a test system you can remove authorization checks completely. |
|
| Back to top |
|
|
|
|
