ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexWebSphere Message Broker SupportAMS and DataFlow engine user Id

Post new topicReply to topic
AMS and DataFlow engine user Id View previous topic :: View next topic
Author Message
KIT_INC
PostPosted: Tue Jun 02, 2015 10:08 am Post subject: AMS and DataFlow engine user Id Reply with quote

Knight

Joined: 25 Aug 2006
Posts: 549

I am running MB 7004 on OpenSuse 64 and AMS 7012.
My MB is running under ID mqsi. We have a number of AMS protected Q and have the keystore.conf under hone directory of mqsi/.mqs whihc tells the broker user (mqsi) what key store and what key to use to GET message off the Q
The current key size is 1024.
We now have a new flow using AMS Q that requires a key size of 2048.
Since the flow is running under the same broker and the DFE is running with user ID mqsi also. If my understanding is correct, AMS will look at the same keystore config under the same userId and will use the 1024 key.
How can I get this new 2048 AMS requirement to coexist with the existing one ? is it possible to get DFE running under different UserId or set the MQINPUT node to issue the MQAPI using a different user Id ?
Back to top
View user's profile Send private message
mqjeff
PostPosted: Tue Jun 02, 2015 11:13 am Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447

In newer versions of Broker, I believe you can run each EG as a separate user.

Or at least set a different set of environment variables for each EG.
Back to top
View user's profile Send private message
KIT_INC
PostPosted: Wed Oct 17, 2018 12:02 pm Post subject: Reply with quote

Knight

Joined: 25 Aug 2006
Posts: 549

Just a quick follow up on this. I am now on IIB 10. Are we able to specify a user Id for each Integration server (EG) as suggested by mqjeff a few years back? I saw this for zos on the info center "Specifying an alternative user ID to run an integration server on z/OS". But I cannot find anything for IIB on Unix and Windows. If I missed something, please let me know.
My current challenge is the MF on my Windows IIB 10 has to read AMS protected message. The DFE is now running under 'SYSTEM'. I think I have to specify a service user Id and set up AMS accordingly. Am I right ?
Back to top
View user's profile Send private message
timber
PostPosted: Thu Oct 18, 2018 1:03 am Post subject: Reply with quote

Sentinel

Joined: 25 Aug 2015
Posts: 868

You should probably be looking at ACE v11 and standalone integration servers deployed in Docker containers. That would definitely provide the independence that you're seeking.
Back to top
View user's profile Send private message
Vitor
PostPosted: Thu Oct 18, 2018 4:11 am Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 25310
Location: Ohio, USA

KIT_INC wrote:
I am now on IIB 10. Are we able to specify a user Id for each Integration server (EG) as suggested by mqjeff a few years back?


Alarmingly, IBM seem to have overlooked the suggestion from my most worthy associate.

KIT_INC wrote:
I saw this for zos on the info center "Specifying an alternative user ID to run an integration server on z/OS".


It's a feature of z/OS that you can specify an alternative id on a task (subject to all sorts of rules and permissions). It's not an IIB capability.

KIT_INC wrote:
But I cannot find anything for IIB on Unix and Windows. If I missed something, please let me know.


So you didn't miss anything.

I think @timber (as is so often the case) has provided the best advice.
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
mgk
PostPosted: Thu Oct 18, 2018 4:36 am Post subject: Reply with quote

Padawan

Joined: 31 Jul 2003
Posts: 1589
Location: IBM Hursley, UK

On Windows and Unix each Broker can have a different userid, but all "integration servers" under that Broker will use the same service id.
_________________
MGK
IBM Global Blockchain Enablement
The postings I make on this site are my own and don't necessarily represent IBM's positions, strategies or opinions.
Back to top
View user's profile Send private message
Vitor
PostPosted: Thu Oct 18, 2018 5:26 am Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 25310
Location: Ohio, USA

mgk wrote:
On Windows and Unix each Broker can have a different userid, but all "integration servers" under that Broker will use the same service id.





I stand exacted
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexWebSphere Message Broker SupportAMS and DataFlow engine user Id
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.