[英]Error 2035 ('MQRC_NOT_AUTHORIZED') from HermesJMS to MQ8
I am accessing an MQ8 server using HermesJms. 我正在使用HermesJms访问MQ8服务器。
The latter has the following configuration: 后者具有以下配置:
However, when I am trying to "Discover" via the relevant option provided by Hermes, I get an 2035
with the following message appearing on the queue manager error logs: 但是,当我尝试通过Hermes提供的相关选项“发现”时,出现
2035
,队列管理器错误日志中出现以下消息:
AMQ9557: Queue Manager User ID initialization failed for 'pkaramol'.
EXPLANATION:
The call to initialize the User ID 'pkaramol' failed with CompCode 2 and Reason
2035.
Note that pkaramol
is my local OS user I am logged in as, in the linux machine running Hermes. 请注意,
pkaramol
是我以运行Hermes的linux机器登录的本地OS用户。
Questions : 问题 :
1) Why I get the following error despite the fact that I have disabled both CHLAUTH
and CONNAUTH
: 1)为什么我禁用了
CHLAUTH
和CONNAUTH
却得到以下错误:
ALTER QMGR CHLAUTH(DISABLED) CONNAUTH(' ')
REFRESH SECURITY TYPE(CONNAUTH)
2) Why is the server perceiving pkaramol
as the user trying to access the queue manager, although I am explicitly providing mquser
in both ClientID
and user
fields of HermesJMS? 2)尽管我在
mquser
的ClientID
和user
字段中都明确提供了mquser
,但是为什么服务器试图将pkaramol
视为用户尝试访问队列管理器?
I cannot find much documentation on HermesJMS, but through some trial and error I found out that it does not honor the User
and Password
settings if you click Discover, it will always send the user you are logged in as to the queue manager, this is why you do not see the user mquser
. 我在HermesJMS上找不到太多文档,但是通过一些试验和错误,我发现如果单击“发现”,它将不接受“
User
和“ Password
设置,它将始终将您登录的用户发送到队列管理器,这是为什么看不到用户mquser
。 Because you are running it as the user pkaramol
which does not exist on the server where your queue manager is running you receive the following error: 因为您以运行队列管理器的服务器上不存在的
pkaramol
用户pkaramol
运行它,所以会收到以下错误:
AMQ9557: Queue Manager User ID initialization failed for 'pkaramol'.
I also found that to perform the discover it opens a temporary dynamic queue using the model queue SYSTEM.DEFAULT.MODEL.QUEUE
and puts PCF messages to the SYSTEM.ADMIN.COMMAND.QUEUE
. 我还发现,要执行发现,它会使用模型队列
SYSTEM.DEFAULT.MODEL.QUEUE
打开一个临时动态队列,并将PCF消息放入SYSTEM.ADMIN.COMMAND.QUEUE
。 In addition for it to discover any queue details you must have at minimum +inq
and +dsp
on the queues. 此外,要发现任何队列详细信息,队列上必须至少具有
+inq
和+dsp
。
In your comment you stated you added the user pkaramol
to the server and put it in the mqm
group. 在您的评论中,您声明已将用户
pkaramol
添加到服务器,并将其放在mqm
组中。 While this is a quick way to get this to work, it does provide that user full MQ Admin access. 尽管这是使它起作用的快速方法,但它确实为该用户提供了完全的MQ Admin访问权限。 You could provide your actual user with the following permissions and still be able to Discover all of the objects on the queue manager.
您可以为实际用户提供以下权限,但仍然能够发现队列管理器上的所有对象。 Please replace the word
group
below with a group your user is a member of on the server: 请更换字
group
下面一组你的用户是在服务器上的成员:
setmqaut -m DMSQM -t qmgr -g group +connect +inq +dsp
setmqaut -m DMSQM -n SYSTEM.ADMIN.COMMAND.QUEUE -t queue -g group +inq +put +dsp
setmqaut -m DMSQM -n SYSTEM.DEFAULT.MODEL.QUEUE -t queue -g group +get +dsp
setmqaut -m DMSQM -n '**' -t queue -g group +inq +dsp
I also noted that once you have queues populated either through Discover or manually adding them, it will use the User that you specified. 我还指出,一旦您通过发现或手动添加队列填充了队列,它将使用您指定的用户。
Note that with CHLAUTH
and CONNAUTH
disabled the queue manager is taking whatever user is presented and using it. 请注意,在禁用
CHLAUTH
和CONNAUTH
的情况下,队列管理器将采用任何呈现的用户并使用它。 You could leave CONNAUTH
enabled and specify a valid user and password and MQ would authenticate it. 您可以启用
CONNAUTH
并指定有效的用户名和密码,然后MQ会对它进行身份验证。
Another option since Discover does not honor the User setting would be to set a MCAUSER
on the SVRCONN channel of mquser
. 由于Discover不遵守User设置,因此另一个选项是在
mquser
的SVRCONN通道上设置MCAUSER
。
您需要授予UserId'pkaramol'权限,才能通过setmqaut命令访问队列管理器和队列。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.