Hi,
I think that you've encountered a "feature" in NT security that allows:
A user on a machine to act on another machine/domain if there is a identical match on
userid and password in both places.
IOW if you have a local user MUSR_MQADMIN on machine A with password QWERTY and on
machine B you also have user MUSR_MQADMIN with password QWERTY.
When logged on to machine A as user MUSR_MQADMIN you can access resources on machine B
as user MUSR_MQADMIN on machine B via the network.
This is how NT Networking security works and the only way I know to get around it is
to have different passwords.
Regards,
Peter Larsson
Moish Carmon wrote ->
Hello all.
We have mqclients, v5.2 running on WinNT connecting to a queue manager,
v5.2 on Win2K.
According to the documentation, you can grant authority with setmqaut
command, using the domain to which the user belongs, in the form
[EMAIL PROTECTED]
But what we see is that any client connecting with this userid, doesn't
matter to which domain this user belongs, gets the authority of this
userid as specified on the setmqaut.
for example, local user id MUSR_MQADMIN on machine A, can connect as
client to queue manager on machine B, and get mq administrator security
to this queue manager.
Ofcourse, this is not what we want.
Any ideas how to avoid this problem ?
TIA,
Moish Carmon.
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
