Question & Answer
Question
You are using IBM MQ with the default CONNAUTH(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) and the corresponding AUTHINFO has AUTHTYPE(IDPWOS), which means that the local userids and local groups are going to be used for the authentication for using IBM MQ.
When using local userids and groups, there is a limit that the userids CANNOT be longer than 12 characters. That is, 12 characters is the maximum.
You want to known what happens when using userids with more than 12 characters?
Cause
The following web page in the online manual shows the limitations:
https://www.ibm.com/docs/en/ibm-mq/9.3?topic=application-user-ids
IBM MQ / 9.3
User IDs
When you create user IDs for client applications, the user IDs must not be longer than the maximum permitted length.
IBM MQ / 9.3
User IDs
When you create user IDs for client applications, the user IDs must not be longer than the maximum permitted length.
- On z/OS®, AIX® and Linux®, the maximum length of a user ID is 12 characters.
- On IBM i, the maximum length of a user ID is 10 characters.
- On Windows, if both the IBM MQ MQI client and the IBM MQ server are on Windows, and the server has access to the domain on which the client user ID is defined, the maximum length of a user ID is 20 characters.
-- However, if the IBM MQ server is not a Windows server, the user ID is truncated to 12 characters.
-- However, if the IBM MQ server is not a Windows server, the user ID is truncated to 12 characters.
- If you use the MQCSP structure to pass credentials, the maximum length of a user ID is 1024 characters. The MQCSP structure user ID cannot be used to circumvent the maximum userid length used by IBM MQ for authorization.
For more information about the MQCSP structure, see:
https://www.ibm.com/docs/en/SSFKSJ_9.3.0/secure/q013310_.html
IBM MQ / 9.3
Identifying and authenticating users using the MQCSP structure.
For more information about the MQCSP structure, see:
https://www.ibm.com/docs/en/SSFKSJ_9.3.0/secure/q013310_.html
IBM MQ / 9.3
Identifying and authenticating users using the MQCSP structure.
Answer
This techdoc explores several scenarios when trying to use a userid that is longer than 12 characters in Linux and the FDCs that are generated and the error entries in the error log of the queue manager.
The scenarios are:
Scenario 1: MQ Admin tries to use setmqaut -p with long userid
Scenario 2: Local long userid logs in and issues setmqenv
Scenario 3: Local Long userid logs in and issues dspmqver
Scenario 4: local long userid, amqsput (local bindings)
Scenario 5: Long userid from another host, using amqsputc (client connection), NOT using MQCSP
Scenario 6: Long userid from another host, using amqsputc (client connection), specifying MQSAMP_USER_ID to use MQCSP connection security parameters structure in MQCONNX
Scenario 1: MQ Admin tries to use setmqaut -p with long userid
Scenario 2: Local long userid logs in and issues setmqenv
Scenario 3: Local Long userid logs in and issues dspmqver
Scenario 4: local long userid, amqsput (local bindings)
Scenario 5: Long userid from another host, using amqsputc (client connection), NOT using MQCSP
Scenario 6: Long userid from another host, using amqsputc (client connection), specifying MQSAMP_USER_ID to use MQCSP connection security parameters structure in MQCONNX
++ See attached PDF file:
+++ end +++
[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"ARM Category":[{"code":"a8m0z00000008KIAAY","label":"Security-\u003EAuthentication"}],"ARM Case Number":"TS013431589","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
10 August 2023
UID
ibm17025135