ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » message userid

Post new topic  Reply to topic
 message userid « View previous topic :: View next topic » 
Author Message
solomon_13000
PostPosted: Sat Jul 19, 2008 12:52 am    Post subject: message userid Reply with quote

Master

Joined: 13 Jun 2008
Posts: 284
When we send a message we include a userid in the message. The userid will determent if the message can be put into a queue. Now who will determent if the userid is valid?. Is it the queue manager, the OS in which the queue is residing or a special program build to validate the message userid before it is put into a queue?.
Back to top
View user's profile Send private message
sami.stormrage
PostPosted: Sat Jul 19, 2008 2:17 am    Post subject: racf Reply with quote

Disciple

Joined: 25 Jun 2008
Posts: 186
Location: Bangalore/Singapore
The Qmgr as well as an exernal code if you have setup an exit for the same.
_________________
*forgetting everything *
Back to top
View user's profile Send private message Yahoo Messenger
sridhsri
PostPosted: Sat Jul 19, 2008 6:55 am    Post subject: Reply with quote

Master

Joined: 19 Jun 2008
Posts: 297
I had posted this earlier:

When MQ Client ID is unset or blank, MCA User ID is blank, you should be able to connect because the MCA process id is used.

When MQ Client ID is unset or blank, MCA User ID is Authorized user, you should be able to connect because the authorized user's credentials are used

Irrespective of when MQ Client ID is set or unset, if an unauthorized user is used for MCA User, you will NOT be able to connect.


To summarize, if you set an MCA user, then that is used for authenticating. If it is not set, then the MQ Client Id is used.

MQ does authorization of the OS user - i.e., it check if the given user has requisite permissions on the qmgr object. It does not check for the user password even if it is set. Therefore, it does not authenticate. If you impersonate the 'mqm' user then MQ will grant all privileges.

There are a couple of ways to handle security. A simple but effective step is never to use a blank MCA User for all your server connection channels.

Tha bove hold good only for client connection channels. If you needed some security on bindings mode or if you wanted to perform authentication also, you will have to implement MQZ_AUTHENTICATE_USER.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » message userid
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.