The following is my best understanding of our situation. This question
is more application driven and I am hopeful it will jog someone's memory out
there.
Does anyone know how to run NT MQLSX version 1.3.3 under
Lotus Domino 5.0.8 server with a different userid to allow a secured
V5.2/V5.3 MQ Client connection to OS/390 V5.2 MQSeries Q manager while
preserving Domino Server console access?
We tried setting the MCAUSER on the SVCONN but our RESLEVEL
is set to NONE for the Chinit on OS/390 running RACF. This forces the user
identifier from the context and the Chinit userid to be checked as per the
OS/390 V5.2 System Setup Guide. We then used ONLYMCA as PUTAUT to reduce
the checking to the user identifier from the context. So, the userid that
is passed from the NT Domino server is SYSTEM, a default as I understand it.
We would rather use a different userid that matches our RACF standards by
environment.
The application group is trying to switch to JAVA however
they are not quite done yet. We need to set up our RESLEVEL to the highest
level of checking to ensure security checking is performed to the finest
degree possible (i.e. the userid from the other side or context userid).
We had some partial success in starting LSX under a
different userid, however we lost the Domino Server console capability. We
are not sure how to give the userid chosen to run Domino Server console
authority.
As an alternative approach, I am wondering if it is possible to call
a different process that runs under a preferred userid that would perform
the MQ Client work.
Thanks
Frank
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
