I have not attempted this with 5.3 but if I authenticate a user on their
Windows workstation, and as that user have been given rights to certain MQ
resources, I can trust them to do what MQ work they need to do.   In the
past when I attempted this, the authenticated token that comes over from
the windows client does not seem to match the unix /etc/passwd matching
userid.  Seems like when you authenticate on the Windows side from a NT
domain, that information passed in the message header does not match the
unix userid.   Should I go through my testing again to verify this ?  It
never made much sense to me.  We had to get around it my hardcoding a valid
ID in the MCAUSER field in the client channel.




                      "Wyatt, T. Rob"
                      <[EMAIL PROTECTED]        To:       [EMAIL PROTECTED]
                      MERICA.COM>                 cc:
                      Sent by: MQSeries           Subject:  Re: Channel Exits
                      List
                      <[EMAIL PROTECTED]
                      C.AT>


                      01/14/2004 02:54 PM
                      Please respond to
                      MQSeries List






Wesley,

I assume you are trying to use Windows authentication as a convenience and
not for business-critical data, right?  In other words, your intent is to
create an honor-system rather than enforced authorizations?

-- T.Rob

-----Original Message-----
From: Wesley Shaw [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 14, 2004 1:25 PM
To: [EMAIL PROTECTED]
Subject: Re: Channel Exits


I have defined the windows user in /etc/passwd and used setmqaut to
associated that users group ID with the MQ resources they should be able to
use.  I would then prefer to not hard code anything in the MCAUSER parm.
But when doing the authentication, it appears to not recognize the  userid
authenticated over on the Windows box when it gets to Unix.  Somehow that
same userid is different between Windows and Unix.  Unless I am missing
something.






                      "Dawson, John"
                      <[EMAIL PROTECTED]        To:
[EMAIL PROTECTED]
                      IGROUP.COM>               cc:
                      Sent by: MQSeries         Subject:  Re: Channel Exits
                      List
                      <[EMAIL PROTECTED]
                      .AC.AT>


                      01/14/2004 01:15
                      PM
                      Please respond to
                      MQSeries List






Wesley,

  Are you trying to send a message to the UNIX system from the Windows
environment without defining the Windows user id to the UNIX system and not
hard coding the UNIX user id in the channel MCAUSER parameter?


Thanks,

John

 -----Original Message-----
From:   Wesley Shaw [mailto:[EMAIL PROTECTED]
Sent:   Wednesday, January 14, 2004 11:44 AM
To:     [EMAIL PROTECTED]
Subject:        Re: Channel Exits

Need to handle the client channel security between a Win2000 client and
Unix MQ Server.  I can not seem to get setmqaut to understand how
to connect a Windows authenticated user ID on a unix group/userid system.
They are not the same even though the ID might be the same.
For example:    ntdomain\wesley      vs      just   wesley  in unix


Wesley Shaw
OJRP 10th Floor
Work: 804 771 3589 (736-3589)
Pager: 888 436 2805 Mobile 804 512 5260



                      Aby Philip
                      <[EMAIL PROTECTED]        To:
[EMAIL PROTECTED]
                      GROUP.COM>               cc:
                      Sent by: MQSeries        Subject:  Re: Channel Exits
                      List
                      <[EMAIL PROTECTED]
                      N.AC.AT>


                      01/14/2004 12:26
                      PM
                      Please respond to
                      MQSeries List






Hi Wesley,
What kind of exits are you looking at. I mean what sort of functionality?

Aby Philip
      -----Original Message-----
      From: MQSeries List on behalf of Wesley Shaw
      Sent: Wed 1/14/2004 10:46 PM
      To: [EMAIL PROTECTED]
      Cc:
      Subject: Re: Channel Exits

Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive

Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive

Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive

Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive

Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive

Reply via email to