| Author |
Message
|
| KIT_INC |
 Posted: Tue Jun 02, 2015 10:08 am Post subject: AMS and DataFlow engine user Id |
 |
|
Knight
Joined: 25 Aug 2006
Posts: 589
|
I am running MB 7004 on OpenSuse 64 and AMS 7012.
My MB is running under ID mqsi. We have a number of AMS protected Q and have the keystore.conf under hone directory of mqsi/.mqs whihc tells the broker user (mqsi) what key store and what key to use to GET message off the Q
The current key size is 1024.
We now have a new flow using AMS Q that requires a key size of 2048.
Since the flow is running under the same broker and the DFE is running with user ID mqsi also. If my understanding is correct, AMS will look at the same keystore config under the same userId and will use the 1024 key.
How can I get this new 2048 AMS requirement to coexist with the existing one ? is it possible to get DFE running under different UserId or set the MQINPUT node to issue the MQAPI using a different user Id ? |
|
| Back to top |
|
 |
| mqjeff |
| Posted: Tue Jun 02, 2015 11:13 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
In newer versions of Broker, I believe you can run each EG as a separate user.
Or at least set a different set of environment variables for each EG. |
|
| Back to top |
|
|
| KIT_INC |
| Posted: Wed Oct 17, 2018 12:02 pm Post subject: |
|
|
Knight
Joined: 25 Aug 2006
Posts: 589
|
Just a quick follow up on this. I am now on IIB 10. Are we able to specify a user Id for each Integration server (EG) as suggested by mqjeff a few years back? I saw this for zos on the info center "Specifying an alternative user ID to run an integration server on z/OS". But I cannot find anything for IIB on Unix and Windows. If I missed something, please let me know.
My current challenge is the MF on my Windows IIB 10 has to read AMS protected message. The DFE is now running under 'SYSTEM'. I think I have to specify a service user Id and set up AMS accordingly. Am I right ? |
|
| Back to top |
|
|
| timber |
| Posted: Thu Oct 18, 2018 1:03 am Post subject: |
|
|
Grand Master
Joined: 25 Aug 2015
Posts: 1292
|
| You should probably be looking at ACE v11 and standalone integration servers deployed in Docker containers. That would definitely provide the independence that you're seeking. |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Oct 18, 2018 4:11 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| KIT_INC wrote: |
| I am now on IIB 10. Are we able to specify a user Id for each Integration server (EG) as suggested by mqjeff a few years back? |
Alarmingly, IBM seem to have overlooked the suggestion from my most worthy associate.
| KIT_INC wrote: |
| I saw this for zos on the info center "Specifying an alternative user ID to run an integration server on z/OS". |
It's a feature of z/OS that you can specify an alternative id on a task (subject to all sorts of rules and permissions). It's not an IIB capability.
| KIT_INC wrote: |
| But I cannot find anything for IIB on Unix and Windows. If I missed something, please let me know. |
So you didn't miss anything.
I think @timber (as is so often the case) has provided the best advice.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| mgk |
| Posted: Thu Oct 18, 2018 4:36 am Post subject: |
|
|
Padawan
Joined: 31 Jul 2003
Posts: 1642
|
On Windows and Unix each Broker can have a different userid, but all "integration servers" under that Broker will use the same service id.
_________________
MGK
The postings I make on this site are my own and don't necessarily represent IBM's positions, strategies or opinions. |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Oct 18, 2018 5:26 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| mgk wrote: |
| On Windows and Unix each Broker can have a different userid, but all "integration servers" under that Broker will use the same service id. |
I stand exacted
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
