| Author |
Message
|
| qwerty |
 Posted: Mon Jun 22, 2009 11:51 pm Post subject: mqm always in the user identifier in the message header |
 |
|
Apprentice
Joined: 22 Jun 2009
Posts: 37
|
Hi,
I have 1 queue manager, when I send a message on this qmgr and I make a amqsbcgc command, I can look into the message header. The UserIdentifier is always mqm
but I send messages with 5 different users.
The problem is, that every user can send messages, even he has no rights and noc authorization to do that.
What can I do or where can I find a solution?
thank you 4 help =)
qwerty |
|
| Back to top |
|
 |
| Pavan Kumar PNV |
| Posted: Mon Jun 22, 2009 11:54 pm Post subject: |
|
|
Acolyte
Joined: 03 Feb 2007
Posts: 66
|
What did you use to send messages? What userid is that utility/program running under?
_________________
_____________
Pavan Pendyala
http://pavanz.blogspot.com |
|
| Back to top |
|
|
| qwerty |
| Posted: Tue Jun 23, 2009 12:05 am Post subject: |
|
|
Apprentice
Joined: 22 Jun 2009
Posts: 37
|
I used the sample programm amqsputc.
It is not mqm
always another user with NO AUTHORITY for this queue |
|
| Back to top |
|
|
| WMBDEV1 |
| Posted: Tue Jun 23, 2009 12:08 am Post subject: |
|
|
Sentinel
Joined: 05 Mar 2009
Posts: 888
Location: UK
|
| Which channel are you usiing to connect to the QM. Is there an MCA user (mqm) set on the channel? |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Tue Jun 23, 2009 12:23 am Post subject: Re: mqm always in the user identifier in the message header |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
| qwerty wrote: |
Hi,
I have 1 queue manager, when I send a message on this qmgr and I make a amqsbcgc command, I can look into the message header. The UserIdentifier is always mqm
but I send messages with 5 different users.
The problem is, that every user can send messages, even he has no rights and noc authorization to do that.
What can I do or where can I find a solution?
thank you 4 help =)
qwerty |
Hows that possible that you are able to put the message using an id with no authorization on it ? 
A message can only be put if an id is authorized to access mq objects. (or some loop whole is there in the method you used to put/get)
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Tue Jun 23, 2009 12:28 am Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
| Quote: |
| The UserIdentifier is always mqm |
fyi...
When a MQ listener receives a message, if the "MCAUSER" of the SVRCONN channel is blank, then the MQMD.UserID from the message is used for security checking.
Check who is setting the value as mqm.
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
| qwerty |
| Posted: Tue Jun 23, 2009 9:11 pm Post subject: |
|
|
Apprentice
Joined: 22 Jun 2009
Posts: 37
|
thanks shashivarungupta,
you solved my problem =) |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Tue Jun 23, 2009 9:27 pm Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
| qwerty wrote: |
thanks shashivarungupta,
you solved my problem =) |
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
| qwerty |
| Posted: Tue Jun 23, 2009 10:25 pm Post subject: |
|
|
Apprentice
Joined: 22 Jun 2009
Posts: 37
|
Can somebody explain me the whole content?
The exact reason why the MCAUser is so important for all that?
and why it was changed to mqm?! |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Tue Jun 23, 2009 10:37 pm Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Tue Jun 23, 2009 10:42 pm Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
| qwerty wrote: |
| Can somebody explain me the whole content? |
If you didn't know the reasons then how did you come out of the problem?
Anyways bestizzz.
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
| qwerty |
| Posted: Wed Jun 24, 2009 12:46 am Post subject: |
|
|
Apprentice
Joined: 22 Jun 2009
Posts: 37
|
how can I set the MCAUSER on SVRCONN to blank?
and what problems do I have when I try to make a OAM security? |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Wed Jun 24, 2009 12:54 am Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
| qwerty wrote: |
how can I set the MCAUSER on SVRCONN to blank?
|
Where ? in your program ? Or in MQ Explorer ?
{In mq explorer, on svr conn channel Under MCA you would see MCAUserID, dont give anything there, it'll be treated as blank.}
| Quote: |
| and what problems do I have when I try to make a OAM security? |
OAM, gives authorization to certain ids/groups over mq objects (as qmgr, queue, process etc.). If application(s) are not using those ids then connection wont be granted to them. (make sure you have settings in the client and server side for security exit. At server your step would be settings at svrconn channel exit parameters, id creation and authorization to that. )
For that better you read OAM chapter in Administrative manual from IBM.
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
| WMBDEV1 |
| Posted: Wed Jun 24, 2009 12:56 am Post subject: |
|
|
Sentinel
Joined: 05 Mar 2009
Posts: 888
Location: UK
|
| qwerty wrote: |
| how can I set the MCAUSER on SVRCONN to blank? |
What searches did you perform before asking this question or are you just expecting for us to spoonfeed you the answers to every MQ question you will ever have? |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Wed Jun 24, 2009 1:01 am Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
| WMBDEV1 wrote: |
| qwerty wrote: |
| how can I set the MCAUSER on SVRCONN to blank? |
What searches did you perform before asking this question or are you just expecting for us to spoonfeed you the answers to every MQ question you will ever have? |
Agree !!
 
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
|
|
