| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| setmqaut on principal or group |
« View previous topic :: View next topic » |
| Author |
Message
|
| mq__quest |
 Posted: Tue Jan 10, 2023 9:51 am Post subject: setmqaut on principal or group |
 |
|
Apprentice
Joined: 21 Aug 2017
Posts: 47
|
Hello experts,
when we issue the setmqaut command, do we have to use -p or -g ?
IBM doc. says "Note: Although users on AIX and Linux can use the -p option for the dmpmqaut command, they must use -g groupname instead when defining authorizations."
But when I use -g , I get the error "AMQ7026E: A principal or group name was invalid."
But it works fine when I use "-p". |
|
| Back to top |
|
 |
| bruce2359 |
| Posted: Tue Jan 10, 2023 11:00 am Post subject: Re: setmqaut on principle or groups |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9396
Location: US: west coast, almost. Otherwise, enroute.
|
| mq__quest wrote: |
| IBM doc. says "Note: Although users on AIX and Linux can use the -p option for the dmpmqaut command, they must use -g groupname instead when defining authorizations." |
When quoting official doc, please post the URL.
Related: https://www.ibm.com/docs/en/ibm-mq/8.0?topic=commands-crtmqm says
| Quote: |
-oa group | user
[UNIX][Linux]On UNIX and Linux systems, you can specify whether group or user authorization is to be used. If you do not set this parameter, group authorization is used. You can change the authorization model later by setting the SecurityPolicy parameter in the Service stanza of the qm.ini file (see Service stanza format ). |
Is your security based on principal or group?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| hughson |
| Posted: Tue Jan 10, 2023 8:42 pm Post subject: Re: setmqaut on principle or groups |
|
|
Padawan
Joined: 09 May 2013
Posts: 1914
Location: Bay of Plenty, New Zealand
|
| mq__quest wrote: |
But when I use -g , I get the error "AMQ7026E: A principal or group name was invalid."
But it works fine when I use "-p". |
Is the string you supply with -g a group name or a user name? Your suggestion that it works fine when you use -p suggests it is a user name. It could of course be a group name as well but if it is not a group name then the error is exactly right.
Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| mq__quest |
| Posted: Wed Jan 11, 2023 5:16 am Post subject: |
|
|
Apprentice
Joined: 21 Aug 2017
Posts: 47
|
Thanks bruce,
I see its set to "SecurityPolicy=User". |
|
| Back to top |
|
|
| mq__quest |
| Posted: Wed Jan 11, 2023 5:18 am Post subject: Re: setmqaut on principle or groups |
|
|
Apprentice
Joined: 21 Aug 2017
Posts: 47
|
| hughson wrote: |
| mq__quest wrote: |
But when I use -g , I get the error "AMQ7026E: A principal or group name was invalid."
But it works fine when I use "-p". |
Is the string you supply with -g a group name or a user name? Your suggestion that it works fine when you use -p suggests it is a user name. It could of course be a group name as well but if it is not a group name then the error is exactly right.
Cheers,
Morag |
It is both a user and group name, Morag.
I can see the output when i issue the command "id string" & "groups string". |
|
| Back to top |
|
|
| hughson |
| Posted: Sun Jan 15, 2023 7:40 pm Post subject: Re: setmqaut on principle or groups |
|
|
Padawan
Joined: 09 May 2013
Posts: 1914
Location: Bay of Plenty, New Zealand
|
| mq__quest wrote: |
| hughson wrote: |
| mq__quest wrote: |
But when I use -g , I get the error "AMQ7026E: A principal or group name was invalid."
But it works fine when I use "-p". |
Is the string you supply with -g a group name or a user name? Your suggestion that it works fine when you use -p suggests it is a user name. It could of course be a group name as well but if it is not a group name then the error is exactly right.
Cheers,
Morag |
It is both a user and group name, Morag.
I can see the output when i issue the command "id string" & "groups string". |
Is there anything interesting about the user and group repository that you are using? Is it just a basic on O/S repository, or are you using a PAM system, or some LDAP backed system? I guess what I'm getting at is, is there any way that the queue manager would not be able to correctly query a group name from the O/S because of, say, the level of authority the queue manager might have (not) been given to interact with the user/group repository.
I ask because the error message "AMQ7026E: A principal or group name was invalid." suggests the queue manager was unable to find the group name when it asked the O/S, but you are able to see it when you issue the groups command.
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
