| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| [Authenthication]user id and mqm group |
« View previous topic :: View next topic » |
| Author |
Message
|
| kartagos |
 Posted: Mon May 15, 2006 8:53 am Post subject: [Authenthication]user id and mqm group |
 |
|
Newbie
Joined: 13 Apr 2006
Posts: 6
|
Hi all,
I'm new to MQseries,
I managed to install, make basic configuration and setup queues and triggering and much more.
However, I have noticed a quite bizarre behaviour regarding the OAM and the users in the mqm group.
In a nutshell, here is my experience :
I have MQseries V6 running on Linux RedHat AS
I have a simple java client (MQ-JMS) running on windows on another machine
I want to "authenticate" my client (the java program) using the user ABCD054, so I :
1. I added a user ABCD054 into the mqm group, on my linux.
2. I used this during connection :
| Code: |
createQueueConnection("ABCD054",null);
|
as far as I konw, that's all I have basically to do.
But this still not working and I still get the error MQJMS2013.
after a lot of tests, I added a new user to the mqm group, with the name "abcd054" (the same, but in lowercase) ... and it WORKED OK!
then, I deleted the user ABCD054 (using a userdel), restarted my Qmanager, and started my client one again : it works fine with both "abcd054" and "ABCD054".
as long as "abcd054" belongs to the mqm group, I can connect my client application using users like ABCD054, aBcD054, abcD054, etc.
I'm now printing chapter 10 of the MQ Admin Guide (maybe I missed something  ), but I don'y have an explanation why MQseries seems to appreciate only users id in lowercase !! |
|
| Back to top |
|
 |
| wschutz |
| Posted: Mon May 15, 2006 9:01 am Post subject: |
|
|
Jedi Knight
Joined: 02 Jun 2005
Posts: 3316
Location: IBM (retired)
|
see:
http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp?topic=/com.ibm.mq.csqzae.doc/sec9.htm
| Quote: |
User IDs on UNIX systems
The queue manager converts all uppercase or mixed case user identifiers into lowercase, before inserting them into the context part of a message, or checking their authorization. All authorizations should therefore be based only on lowercase identifiers.
...
User IDs on Windows systems
On Windows systems, if there is no message exit installed, the queue manager converts any uppercase or mixed case user identifiers into lowercase, before inserting them into the context part of a message, or checking their authorization. All authorizations should therefore be based only on lowercase identifiers.
|
_________________
-wayne |
|
| Back to top |
|
|
| kartagos |
| Posted: Mon May 15, 2006 9:02 am Post subject: |
|
|
Newbie
Joined: 13 Apr 2006
Posts: 6
|
thanks a lot,
I was sure I was missing something around! |
|
| Back to top |
|
|
| tkane |
| Posted: Mon May 15, 2006 1:00 pm Post subject: |
|
|
Voyager
Joined: 23 Dec 2002
Posts: 82
Location: Kansas City
|
That fixed your problem but adding users to the mqm group is not the way to go in general. That gives them administrative authority and while it may work in a small shop or for development it's best to set up a good secure environment with proper roles as soon as you can and have good control over what the applications can and can't do.
Good Luck
Tom |
|
| Back to top |
|
|
| kartagos |
| Posted: Wed May 17, 2006 12:50 am Post subject: |
|
|
Newbie
Joined: 13 Apr 2006
Posts: 6
|
I'm reading through Admin guide and OAM reference. I saw that I can have more control on granted and revoked authorities ... but I don't have much time to master the whole thing.
But I have really to do it, because it will be in production very soon and it will be used to connect 2 big GSM operators 
Thanks anyway  |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
