| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| 5.3 vs 6.0 authorisation |
« View previous topic :: View next topic » |
| Author |
Message
|
| alvinlimtc |
 Posted: Sun Feb 12, 2006 11:54 pm Post subject: 5.3 vs 6.0 authorisation |
 |
|
Apprentice
Joined: 22 Dec 2005
Posts: 29
Location: Singapore
|
Hi,
I'm getting a similar problem to this post :
http://mqseries.net/phpBB/viewtopic.php?t=24902&highlight=mqjms2013&sid=a9e59b270ce126e6967cf50f55306493
My JMS app in 5.3 works, but gets the ' MQJMS2013: invalid security authentication supplied for MQQueueManager' error in MQ6.
The above post already shows me the solution and it works, but my question is, why the difference in 5.3 and 6? By default, 5.3 does not perform authorisation checks, where as 6 does? This is not documented anywhere, or at least I can't find it.
Can anyone verify whether this is so? I need to justify why I need to turn off authorisation in 6 whereas I didn;t have to do it in 5.3
Thanks. |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Mon Feb 13, 2006 3:34 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
To my knowledge you do not need to take off authorizations in V6.
Just remember you should not run V6 without refresh pak 1.
As well there is a little difference on the SYSTEM queue's authorizations.
But this should not affect your regular apps authorizations.
Make sure you use amqoamd -s to export the authorisations and run the script provided as output if you recreate the qmgr.
make sure as well that the group the qmgr is authorized for is present on the box and holds the same names which should be valid ids.
Check as well that the layer on your app has not been changed like from passing a empty string to passing the userid, or the channel definition check whether the MCAUSER is blank... and finally check that the usr running the MQ listener in 6.0 on the port used is the correct one and has the same authorizations as in 5.3
Enjoy 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| BenR |
| Posted: Mon Feb 13, 2006 11:21 pm Post subject: |
|
|
Acolyte
Joined: 31 Jan 2006
Posts: 60
Location: Hursley, UK
|
| In version six, if you create a JMS connection with the ConnectionFactory.createConnection() method, then the JVM process ID is sent to the queue manager, rather than an empty String. The createConnection(String username, String password) method allows you to send any username you like. |
|
| Back to top |
|
|
| alvinlimtc |
| Posted: Tue Feb 14, 2006 5:46 am Post subject: |
|
|
Apprentice
Joined: 22 Dec 2005
Posts: 29
Location: Singapore
|
Thanks for the replies.
BenR, you are a life-saver.
Just to confirm, in 5.3, using createConnection(), caused an empty string to be sent. The empty string allows the authorisation to pass through. In 6, createConnection() passed the userid of the JVM, and hence the userid requires the proper authorisations.
Know where this is documented?
Thanks. |
|
| Back to top |
|
|
| BenR |
| Posted: Tue Feb 14, 2006 8:32 am Post subject: |
|
|
Acolyte
Joined: 31 Jan 2006
Posts: 60
Location: Hursley, UK
|
It's in the product readme - s 1.5.5.13 in the one I have here, although I must confess that I don't know quite what version of MQ I have. The client i'm using doesn't quite correspond to any in the 'real world'. 
It will become part of the formal documentation at some point (or may have already, i'm not sure).
| Quote: |
1.5.5.13 Connection user ID on connection creation
If no user ID is specified when you create a connection in client
transport mode, the application process ID will now be passed to the
server. Therefore, ensure this process ID has the relevant
authorizations on the server machine. |
|
|
| Back to top |
|
|
| alvinlimtc |
| Posted: Tue Feb 14, 2006 7:06 pm Post subject: |
|
|
Apprentice
Joined: 22 Dec 2005
Posts: 29
Location: Singapore
|
Hi,
Let me clarify.
In your post, you mention that "... the JVM process ID is sent to the queue manager, rather than an empty String."
I take this to mean that in MQ5.3, an empty userid is sent. Know where this is documented, or rather, how did you came about finding this?
As far as I know, the process ID is sent when no user ID is specified, for both MQ 5.3 and MQ 6, as you have kindly pointed out in the product README.
Thanks. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
