  MQSeries.net
MQRC 2035 for the user specified in MQCSP
shashikanth_in
Posted: Tue Apr 13, 2010 7:51 pm    Post subject: MQRC 2035 for the user specified in MQCSP

Centurion

Joined: 26 Feb 2009
Posts: 123

I am trying to pass a different userid (not the same as the logged in user id) to the MQCONNX call and I am getting a 2035 error. I am running Windows XP SP2 and trying to connect to the queue manager running on the same machine. The user id I am passing exists on the machine and is part of the mqm group.

Here is the code snippet
csp.Version = MQCSP_CURRENT_VERSION;
csp.AuthenticationType = MQCSP_AUTH_USER_ID_AND_PWD;
csp.CSPUserIdPtr = "marjamxp";
csp.CSPUserIdLength = 8;
csp.CSPPasswordPtr = "AAAsa";
csp.CSPPasswordLength = 5;

Connect_options.SecurityParmsPtr = &csp;
MQCONNX(QMName,           /* queue manager */
        &Connect_options, /* options for connection */
        &Hcon,            /* connection handle */
        &CompCode,        /* completion code */
        &CReason);        /* reason code */

Can someone please tell me what's going wrong? If I don't pass any user id or pass the logged in userid, it works fine, meaning MQCONNX returns success.

Thanks in Advance.
mqjeff
Posted: Wed Apr 14, 2010 3:42 am

Grand Master

Joined: 25 Jun 2008
Posts: 17447

enable authority events on the qmgr, determine what userid it thinks it's receiving.
RogerLacroix
Posted: Wed Apr 14, 2010 2:15 pm    Post subject: Re: MQRC 2035 for the user specified in MQCSP

Jedi Knight

Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada

Hi,

Generally speaking, the MQCSP structure is used to send a UserID and Password for authentication at the remote side. Authentication is performed by a security exit (or OAM exit) which is invoked within the queue manager. Note: The queue manager does NOT authenticate a UserID and Password.

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter
shashikanth_in
Posted: Wed Apr 14, 2010 2:58 pm

Centurion

Joined: 26 Feb 2009
Posts: 123

Read many posts in this forum and elsewhere. I could see that MQ will always use the logged in user id, not the one passed by the application. This is assuming that the MCA user id on the channel is blank. If the application passes the user ids, then one has to implement their own mechanism (like exits) to verify if the users have rights to access MQ resources.
RogerLacroix
Posted: Wed Apr 14, 2010 3:15 pm

Jedi Knight

Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada

shashikanth_in wrote:
If application passes the user ids, then one has to implement their own mechanism (like exits) to verify if the users have rights to access MQ resources.

Yes and No. You have 2 choices:

1) Write your own security exit (or OAM exit)

2) Purchase a product like MQ Authenticate User Security Exit (MQAUSX). MQAUSX fully supports that code sample that you posted above.

Note: I'm the CTO/CEO etc... of Capitalware, so if you have any questions then please ask.

Also, you need to understand the difference between "authentication" and "authorization". First, you authenticate an incoming UserID and Password then MQ's OAM looks up its ACL (Access Control List) to see if that UserID has permission to access what it is trying to access.

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter
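
The authentication/authorization split discussed in this thread, modelled as a self-contained C sketch. It is an added example, not code from the posters or from IBM MQ: `csp_view`, `authenticate`, `authorize`, `MAX_FIELD` and the two tables are hypothetical, and a real exit would typically check the password against the operating system or a directory rather than a table.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the MQCSP fields in the post; not the IBM MQ header. */
typedef struct {
    const char *user;     size_t user_len;   /* CSPUserIdPtr / CSPUserIdLength */
    const char *password; size_t pass_len;   /* CSPPasswordPtr / CSPPasswordLength */
} csp_view;

enum { RC_OK = 0, RC_NOT_AUTHORIZED = 2035 };  /* 2035: reason code from the thread */
enum { MAX_FIELD = 64 };                       /* assumed upper bound for this sketch */

/* Constructed sample data: credential store and ACL are separate tables. */
static const struct { const char *user, *password; } CREDS[] = {
    { "appuser1", "s3cret-A" }, { "appuser2", "s3cret-B" } };
static const struct { const char *user, *queue; } ACL[] = {
    { "appuser1", "ORDERS.IN" } };

/* Length-aware comparison that does not stop at the first differing byte. */
static int ct_equal(const char *a, size_t alen, const char *b, size_t blen) {
    unsigned char diff = (unsigned char)(alen != blen);
    for (size_t i = 0; i < alen && i < blen; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Step 1, authentication: do the supplied id and password match a known pair?
   The fields are pointer + length, so nothing assumes NUL termination. */
int authenticate(const csp_view *c) {
    if (!c || !c->user || !c->password) return RC_NOT_AUTHORIZED;
    if (c->user_len == 0 || c->user_len > MAX_FIELD || c->pass_len > MAX_FIELD)
        return RC_NOT_AUTHORIZED;
    int ok = 0;
    for (size_t i = 0; i < sizeof CREDS / sizeof CREDS[0]; i++)
        ok |= ct_equal(c->user, c->user_len, CREDS[i].user, strlen(CREDS[i].user))
            & ct_equal(c->password, c->pass_len, CREDS[i].password, strlen(CREDS[i].password));
    return ok ? RC_OK : RC_NOT_AUTHORIZED;
}

/* Step 2, authorization: only an authenticated id is looked up in the ACL. */
int authorize(const csp_view *c, const char *queue) {
    if (authenticate(c) != RC_OK) return RC_NOT_AUTHORIZED;
    for (size_t i = 0; i < sizeof ACL / sizeof ACL[0]; i++)
        if (ct_equal(c->user, c->user_len, ACL[i].user, strlen(ACL[i].user)) &&
            strcmp(ACL[i].queue, queue) == 0)
            return RC_OK;
    return RC_NOT_AUTHORIZED;
}
```

In this model `appuser2` authenticates successfully but still gets 2035 on `ORDERS.IN`, which is the case where the credentials are valid and the ACL is what denies access.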
gbaddeley
Posted: Wed Apr 14, 2010 4:28 pm    Post subject: Re: MQRC 2035 for the user specified in MQCSP

Jedi Knight

Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia

RogerLacroix wrote:
Hi,

Generally speaking, the MQCSP structure is used to send a UserID and Password for authentication at the remote side. Authentication is performed by a security exit (or OAM exit) which is invoked within the queue manager. Note: The queue manager does NOT authenticate a UserID and Password.

Regards,
Roger Lacroix
Capitalware Inc.


Correct, MQ does not do anything with these fields, other than make them accessible to a security exit on the remote side. I have contacted the poster offline about this.
_________________
Glenn
shashikanth_in
Posted: Thu Apr 15, 2010 9:33 am

Centurion

Joined: 26 Feb 2009
Posts: 123

Hi All,

Thanks for the clarification.