| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| User authrization issue, test vs production |
« View previous topic :: View next topic » |
| Author |
Message
|
| dnoam |
 Posted: Tue Feb 07, 2006 11:00 pm Post subject: User authrization issue, test vs production |
 |
|
Apprentice
Joined: 23 Jan 2006
Posts: 25
|
Hi.
We're developing MQ applications that run on AIX Clients.
Our customer has AIX Clients, AIX Server
The test env. has AIX Clients, Win2003 Server.
The authrization is based on the user that's already logged-on on the client, so the prod. env. has no problem. Totally transparent.
However, on our test environment, we have to define each AIX user on the Win 2003 server as well, and add him to the mqm group.
My question:
Is there an easier way, regarding user definition?
Some kind of bypass, avoiding the duplicate user definition?
Also, any solution should work both for the test and the prod. environment.
TIA |
|
| Back to top |
|
 |
| vennela |
| Posted: Tue Feb 07, 2006 11:15 pm Post subject: |
|
|
Jedi Knight
Joined: 11 Aug 2002
Posts: 4055
Location: Hyderabad, India
|
mcauser
Search for the above keyword in this forum |
|
| Back to top |
|
|
| gunter |
| Posted: Tue Feb 07, 2006 11:23 pm Post subject: |
|
|
Partisan
Joined: 21 Jan 2004
Posts: 307
Location: Germany, Frankfurt
|
Hi,
set MCAUSER to a user with the right permission.
Here is a thread with the same problem, there is also discussed why you shouldnt do that in an production environment.
http://www.mqseries.net/phpBB2/viewtopic.php?t=26157&highlight=mcauser
Authorithation on Unix is related to the group, I'm not sure but I assume windows sets permissions for user.
_________________
Gunter Jeschawitz
IBM Certified System Administrator - Websphere MQ, 5.3 |
|
| Back to top |
|
|
| dnoam |
| Posted: Wed Feb 08, 2006 12:50 am Post subject: |
|
|
Apprentice
Joined: 23 Jan 2006
Posts: 25
|
Great, thanks.
I'm well aware of the security hazards.
This is the solution I have in mind:
1. The Client app will check for a new env. var. called, say, MQ-BYPASS-USER-CHECK.
If exists, use MCAUSER
If not, work as before.
2. On the development/test. env., define the env. var.
3. On the production site, don't. The application will run as before. The customer wouldn't even know about this env. var.
result:
1. Easier on the development/test. No need to define each user.
2. Production behaviour doesn't change.
Remarks, anyone? |
|
| Back to top |
|
|
| wschutz |
| Posted: Wed Feb 08, 2006 2:33 am Post subject: |
|
|
Jedi Knight
Joined: 02 Jun 2005
Posts: 3316
Location: IBM (retired)
|
| Quote: |
1. The Client app will check for a new env. var. called, say, MQ-BYPASS-USER-CHECK.
If exists, use MCAUSER
If not, work as before. |
MCAUSER is a setting on the SVRCONN end of the channel, it's not set at the client end, so I'm not sure what you are suggesting here.
However, if you setup the development environment so that the SVRCONN end of the channel that is used by the client set MCAUSER and you do not set MCAUSER on the production systems, that should work.
_________________
-wayne |
|
| Back to top |
|
|
| dnoam |
| Posted: Wed Feb 08, 2006 2:59 am Post subject: |
|
|
Apprentice
Joined: 23 Jan 2006
Posts: 25
|
Thanks for the clarification.
I understand it now.
(I think  ) |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
