| Author |
Message
|
| PeterPotkay |
 Posted: Thu Jan 29, 2009 5:32 am Post subject: mqsisetdbparms - any way to report on it? |
 |
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
|
| Back to top |
|
 |
| smdavies99 |
| Posted: Thu Jan 29, 2009 5:39 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
Peter,
The only way I know is to dig into the Registry (windows) or the /registry directory on Linux/Unix.
You can see the DB names and everything apart from the encrypted password.
Windows is
HKEY_LOCAL_MACHINE/SOFTWARE/IBM/WebsphereMQIntegrator/2/BrokerName/CurrentVersion/DSN/DBName/
You get three entries
(Default)
Pasword
UserId
Enjoy
/Steve
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Jan 29, 2009 11:00 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| smdavies99 wrote: |
Peter,
The only way I know is to dig into the Registry (windows) or the /registry directory on Linux/Unix.
You can see the DB names and everything apart from the encrypted password.
Windows is
HKEY_LOCAL_MACHINE/SOFTWARE/IBM/WebsphereMQIntegrator/2/BrokerName/CurrentVersion/DSN/DBName/
You get three entries
(Default)
Pasword
UserId
Enjoy
/Steve |
Steve, wouldn't most of that information be available either through mqsidisplayparameters or through mqsiservice?
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Thu Jan 29, 2009 1:41 pm Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
Peter,
You re probably correct there. I haven't used those commands to look at that sort of stuff since 5.0.0.0 days. Before that, you certainly had to look in the registry.
Oh well, you live and learn. Thanks for pointing that out.
/Steve
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu Jan 29, 2009 4:52 pm Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
|
| Back to top |
|
|
| AkankshA |
| Posted: Thu Jan 29, 2009 11:25 pm Post subject: |
|
|
Grand Master
Joined: 12 Jan 2006
Posts: 1494
Location: Singapore
|
| fjb_saper wrote: |
| Steve, wouldn't most of that information be available either through mqsidisplayparameters or through mqsiservice? |
I suppose No... as mqsiservice does not display external DB access details..
never heard of mqsidisplayparameters 
i alway check registry for unix systems..
/var/mqsi/registry/BROKER/CurrentVersion/DSN
_________________
Cheers |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Jan 30, 2009 3:57 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Sorry the command might not be exact... but there is a command to report the current parameters maybe mqsireportproperties ...
Did not find the exact syntax for mqsiservice as this seems to be a command that is not described in the doc.
mqsiservice BROKERNAME lists the broker's DB attributes (DSN name, username)
mqsireportproperties should give you the DB's configured to be used by the broker (configurable service) however I am unsure whether it will allow you to see the user (security) for that service.
As stated above it is to be found in the registry...
All security related commands seem to allow you to set, alter and delete but there is no list or display... Has anybody tried with mqsireportparameters to see if those can be displayed that way?
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Jan 30, 2009 4:04 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
There is mqsilistaclentry. It will not show DSN security entries. I don't believe there is a function to show DSN security entries. I don't think anyone actually wants this command to report the password, even if it existed. I wonder if there's something in the CMP API that can be used... I haven't looked.
mqsiservice is undocumented. It's for, you know, service. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Jan 30, 2009 4:14 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| mqjeff wrote: |
There is mqsilistaclentry. It will not show DSN security entries. I don't believe there is a function to show DSN security entries. I don't think anyone actually wants this command to report the password, even if it existed. I wonder if there's something in the CMP API that can be used... I haven't looked.
mqsiservice is undocumented. It's for, you know, service. |
Jeff I don't think anybody wanted to look at the password. (This would indeed violate security)
But being able to list the userid would be nice. Just in case the userid password expired, or to decide which DSN to use when you have multiple ones defined against the same DB, but with a different userid for each, or verify that you can access the DB with the userid...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| mqmatt |
| Posted: Fri Jan 30, 2009 4:34 am Post subject: |
|
|
Grand Master
Joined: 04 Aug 2004
Posts: 1213
Location: Hursley, UK
|
It's a known requirement.
This said, If you want to see it I'd recommend raising a requirement through your friendly IBM account rep to help get it bumped up the priority stack. |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Fri Jan 30, 2009 12:14 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
| fjb_saper wrote: |
Jeff I don't think anybody wanted to look at the password. (This would indeed violate security)
|
You need to know the password when you issue mqsisetdbparms.
You have to be in the mqbrkrs group to issue mqsisetdbparms.
I don't see the harm is letting someone in the mqbrkrs group be able to issue a future command that reports the User ID AND shows the password. This can be useful in trouble shooting.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
|
|
