| Author |
Message
|
| dev135 |
 Posted: Wed Nov 11, 2009 6:41 pm Post subject: User Id for setmqaut |
 |
|
Apprentice
Joined: 21 Oct 2008
Posts: 44
|
Hi,
Does a user id needs to exist on server if i need to run setmqaut command on any platform? |
|
| Back to top |
|
 |
| PeterPotkay |
| Posted: Wed Nov 11, 2009 6:58 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
The User ID must be known to the server.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| dev135 |
| Posted: Wed Nov 11, 2009 7:26 pm Post subject: |
|
|
Apprentice
Joined: 21 Oct 2008
Posts: 44
|
Thanks Peter...
Is it not possible to define setmqaut without user id existing on server on any platform ???because i remember someone told it can be defined... |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Nov 11, 2009 8:20 pm Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| dev135 wrote: |
| because i remember someone told it can be defined... |
Then ask this someone how they did it. 
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Wed Nov 11, 2009 11:31 pm Post subject: Re: User Id for setmqaut |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
| dev135 wrote: |
Hi,
Does a user id needs to exist on server if i need to run setmqaut command on any platform? |
I believe you know the setmqaut command and its parameters .. if yes., then you should also know that the userid should be defined there on the server where you are executing the command.
Otherwise during exit handshake the authentication will fail as your userid does not exist on the server. 
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
| aditya.aggarwal |
| Posted: Mon Nov 16, 2009 9:48 am Post subject: |
|
|
Master
Joined: 13 Jan 2009
Posts: 252
|
One can define the user id of remote application in mcauser field of SVRCONN Channel...
This id can be autheticated using setmqauth...
Regards,
Aditya |
|
| Back to top |
|
|
| exerk |
| Posted: Mon Nov 16, 2009 10:52 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| aditya.aggarwal wrote: |
One can define the user id of remote application in mcauser field of SVRCONN Channel...
This id can be autheticated using setmqauth... |
Provided that user also exists on the system where the MCAUSER value is set, yes. The Object Authority Manager can only work with local accounts, and it does not authenticate, but grant authorities.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Mon Nov 16, 2009 11:29 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
It can also work with domain IDs. That's why I said the ID has be known to the server, not that the ID has to be defined on the server.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Mon Nov 16, 2009 11:42 am Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
| aditya.aggarwal wrote: |
...This id can be autheticated using setmqauth...
|
* setmqaut
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
| exerk |
| Posted: Mon Nov 16, 2009 9:37 pm Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| PeterPotkay wrote: |
| It can also work with domain IDs. That's why I said the ID has be known to the server, not that the ID has to be defined on the server. |
Thank you for pointing out my obvious blunder 
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Nov 16, 2009 9:51 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
And remember that if you setup the authorizations against the user id in Unix it will effectively create the authorization against the primary group id of said user at the time you run setmqaut.
So please guy's even on windows, get into the habit of doing the authorizations at group level. You can always authorize individual users by adding them to the relevant groups. (Remember you may have to run refresh security on the qmgr after a change of group on the os for the userid.)
Have fun
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
