xcsGetpwuid got password entry with user name too long
cheeyong.teh
Posted: Mon Apr 15, 2019 7:45 am    Post subject: xcsGetpwuid got password entry with user name too long

Newbie

Joined: 15 Apr 2019
Posts: 4

Hi,

I have IBM WebSphere MQ 8.0.0.7 Client installed.

Currently I'm connecting to a server using an SSL connection.

In the keystore (key.kdb) I have

Code:

*- ibmwebspheremqaaa.bbbb.ccccc


When I try to establish an SSL connection I'm getting

Code:

| Probe Description :- AMQ6125: An internal WebSphere MQ error has occurred.  |
| FDCSequenceNumber :- 0                                                      |
| Comment1          :- xcsGetpwuid got password entry with user name too long |
|   (more than 13 characters).                                                |
| Comment2          :- Details: getuid() returned 1005; getpwuid_r(1005)      |
|   found user name "aaa.bbbb.ccccc".                                         |
| Comment3          :- A user name of "UNKNOWN" will be used, which will      |
|   likely cause later authorisation failures. Note this FFST can be turned   |
|   off by exporting env var AMQ_NOFFST_PROCESS_UID.                          |
|                                                                             |
+-----------------------------------------------------------------------------+


I have tried another userid which is 12 characters long and the SSL connection works (after renaming the cert label to the new userid).

So my question is: why does the IBM MQ client impose this restriction? Is there a way around it so I can use the "aaa.bbbb.ccccc" user account? Does this restriction exist in the newer version (v9)?

Thanks,

Yong
Vitor
Posted: Mon Apr 15, 2019 7:52 am    Post subject: Re: xcsGetpwuid got password entry with user name too long

Grand High Poobah

Joined: 11 Nov 2005
Posts: 25729
Location: Ohio, USA

cheeyong.teh wrote:
So my question is: why does the IBM MQ client impose this restriction?


Backwards compatibility; it's been limited to 12 characters since there was a technical reason for limiting it back in v2.

cheeyong.teh wrote:
Is there a way around it so I can use the "aaa.bbbb.ccccc" user account?


Use LDAP not the internal OAM. May not be applicable in your use case; I urge you to search this forum for posts by Morag, the authority on MQ security.

cheeyong.teh wrote:
Does this restriction exist in the newer version (v9)?


Yes.
_________________
Honesty is the best policy.
Insanity is the best defence.
cheeyong.teh
Posted: Mon Apr 15, 2019 8:04 am    Post subject: Re: xcsGetpwuid got password entry with user name too long

Newbie

Joined: 15 Apr 2019
Posts: 4

Vitor wrote:

Use LDAP not the internal OAM. May not be applicable in your use case; I urge you to search this forum for posts by Morag, the authority on MQ security.


Thanks for the reply.

Not sure if that will work for me, as aaa.bbbb.ccccc is just a local Linux account that will execute the MQ client and connect to a server with an SSL connection. I Googled before I posted here and found

https://www.ibm.com/support/knowledgecenter/SSFKSJ_8.0.0/com.ibm.mq.hpnss.doc/usernamemapping/unm00000.htm

but there isn't an altmqusr in the bin folder for the client installation, so I guess that only works for the server.

I will search Morag's posts.

Thanks
Vitor
Posted: Mon Apr 15, 2019 8:51 am    Post subject: Re: xcsGetpwuid got password entry with user name too long

Grand High Poobah

Joined: 11 Nov 2005
Posts: 25729
Location: Ohio, USA

cheeyong.teh wrote:
but there isn't an altmqusr in the bin folder for the client installation, so I guess that only works for the server.


Yes, they're server side commands & specific to 1 OS that's not the Linux you're using.
_________________
Honesty is the best policy.
Insanity is the best defence.
cheeyong.teh
Posted: Mon Apr 15, 2019 8:54 am    Post subject: Re: xcsGetpwuid got password entry with user name too long

Newbie

Joined: 15 Apr 2019
Posts: 4

Vitor wrote:

Yes, they're server side commands & specific to 1 OS that's not the Linux you're using.


Cool, I guess I just need to have a Linux userid that is max 12 characters. Thanks for your help.
Vitor
Posted: Mon Apr 15, 2019 9:08 am    Post subject: Re: xcsGetpwuid got password entry with user name too long

Grand High Poobah

Joined: 11 Nov 2005
Posts: 25729
Location: Ohio, USA

cheeyong.teh wrote:
I guess I just need to have a Linux userid that is max 12 characters.




Sticking to 12 characters or less will also avoid problems with Windows & other OS.
_________________
Honesty is the best policy.
Insanity is the best defence.
hughson
Posted: Mon Apr 15, 2019 8:52 pm

Grand Master

Joined: 09 May 2013
Posts: 1141
Location: Bay of Plenty, New Zealand

As answered on your identical question over on IMWUC:-

Morag Hughson on IMWUC wrote:
You no longer need to be restricted by the label pattern that was originally required by IBM MQ:

Code:
ibmwebspheremq<userid>


From V8 and later you are able to use any label you want for your certificate and then tell IBM MQ what label you are using.

Code:
export MQCERTLABL=the-label-of-your-choosing


If you do this it won't trip over the length of your user id when locating the certificate label.

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
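A pre-flight check for the situation in this thread, as an added example that is not part of any post: it works out which certificate label the client will look for (an explicit `MQCERTLABL` value, otherwise `ibmwebspheremq` plus the user ID in lower case) and confirms that label is in the key database listing. The function names, the label `client-cert-2019` and the sample listing are hypothetical, and the listing layout is assumed to match the `*- label` line shown in the first post.

```shell
#!/bin/sh
# Added example (not from the thread): which certificate label will the MQ
# client look for, and is it present in the key database listing?

MQ_LABEL_PREFIX="ibmwebspheremq"   # default label pattern quoted in the thread
MQ_MAX_USER_LEN=12                 # user ID limit stated in the replies

# labels_from_listing: read a key database listing on stdin in the
# "*- label" layout shown in the first post and print one label per line.
labels_from_listing() {
    sed -n 's/^[*!#-]\{1,\}[[:space:]]\{1,\}//p'
}

# effective_label USER [OVERRIDE]: an explicit label (MQCERTLABL) wins;
# otherwise the default is the prefix plus the user ID in lower case.
effective_label() {
    if [ -n "${2:-}" ]; then
        printf '%s\n' "$2"
    else
        printf '%s%s\n' "$MQ_LABEL_PREFIX" "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
    fi
}

# check_client USER OVERRIDE LISTING: print a verdict.
# Returns 0 = ok, 2 = default label derived from an over-long user ID,
# 3 = label not found in the listing.
check_client() {
    cc_user=$1 cc_override=$2 cc_listing=$3
    cc_label=$(effective_label "$cc_user" "$cc_override")
    if [ -z "$cc_override" ] && [ "${#cc_user}" -gt "$MQ_MAX_USER_LEN" ]; then
        echo "FAIL: user '$cc_user' is ${#cc_user} chars (max $MQ_MAX_USER_LEN); set MQCERTLABL"
        return 2
    fi
    if ! printf '%s\n' "$cc_listing" | labels_from_listing | grep -Fxq -- "$cc_label"; then
        echo "FAIL: no certificate labelled '$cc_label' in the key database"
        return 3
    fi
    echo "OK: client will use certificate '$cc_label'"
}

# Constructed sample listing: first line as in the post, second made up.
SAMPLE_LISTING='*- ibmwebspheremqaaa.bbbb.ccccc
-  client-cert-2019'

# Demo: the account from the thread, without and with an explicit label.
check_client "aaa.bbbb.ccccc" "${MQCERTLABL:-}" "$SAMPLE_LISTING" || :
check_client "aaa.bbbb.ccccc" "client-cert-2019" "$SAMPLE_LISTING" || :
```

Against a real key database, replace `SAMPLE_LISTING` with the output of your certificate listing command and pass `$(id -un)` as the user.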
cheeyong.teh
Posted: Tue Apr 16, 2019 1:47 am

Newbie

Joined: 15 Apr 2019
Posts: 4

Thanks Morag, it works.
Vitor
Posted: Tue Apr 16, 2019 4:59 am

Grand High Poobah

Joined: 11 Nov 2005
Posts: 25729
Location: Ohio, USA

cheeyong.teh wrote:
Thanks Morag, it works.


Vitor wrote:
I urge you to search this forum for posts by Morag, the authority on MQ security.


Told you she was the best.
_________________
Honesty is the best policy.
Insanity is the best defence.