How to set snmp v3 context name in linux - snmp

How can I set the snmpv3 context name for the snmp agent ?
Can I set it when I create a new snmpv3 user or need to change the snmp configuration ?

Related

on AIX and Linux, an MQ MFT agent runs as the user mqm by default - how to specify a different user

On AIX and Linux, MQ MFT agent files are all owned by mqm, and subsequently the agent processes run as mqm in the process list.
In addition, when the agent connects to an MQ Manager, the connection user is mqm. Due to security - I would like to have a different user appear in the connections to the MQ manager.
Is there a way to run an MQ MFT agent as the mqm user, but the outbound connections to the MQ Manager are done as a different user, for example mqmftuser001, rather than mqm?
You can use the MQMFTCredentials.xml file to map a local user to an mqUserId for connecting to the agent queue manager. For example -
<tns:qmgr name="MFTQM" user="localuser" mqUserId="mqagentuser" mqPassword="Password" useMQCSPAuthentication="true"/>.
The file needs to be placed in a secure folder where no user other than the one that starts the agent has access permissions. Generally it will be the user's home directory, $HOME.
You can override the default credential path by setting the agent property agentQMgrAuthenticationCredentialsFile. The path specified for the property must be secure as mentioned before.
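A way to audit the placement rule described in this answer, as an added example that is not part of the original answer or of IBM's tooling. It assumes a plain key=value agent.properties and a default file name of $HOME/MQMFTCredentials.xml; the function names are hypothetical, and the test is deliberately strict (no group or other permission bits on the file or its directory).

```bash
#!/bin/sh
# Added example: locate the MQ MFT credentials file and check that only the
# current user (the one who would start the agent) can access it.
# Usage: check_mft_credentials /path/to/agent.properties

# Print the credentials path an agent would use: the value of
# agentQMgrAuthenticationCredentialsFile if agent.properties sets it,
# otherwise $HOME/MQMFTCredentials.xml (assumed default file name).
mft_cred_path() {
    override=""
    if [ -r "$1" ]; then
        override=$(sed -n 's/^[[:space:]]*agentQMgrAuthenticationCredentialsFile[[:space:]]*=[[:space:]]*//p' "$1" \
            | sed 's/[[:space:]]*$//' | tail -n 1)
    fi
    if [ -n "$override" ]; then
        printf '%s\n' "$override"
    else
        printf '%s\n' "$HOME/MQMFTCredentials.xml"
    fi
}

# Succeed only if the path exists, is owned by the current user, and has no
# group/other permission bits. Columns 5-10 of the `ls -ld` mode string are
# the group and other bits; this form works on both Linux and AIX.
owner_only() {
    [ -e "$1" ] && [ -O "$1" ] || return 1
    bits=$(ls -ld -- "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# Check the credentials file and the folder that holds it; report each
# failure and return non-zero if either is readable by anyone else.
check_mft_credentials() {
    file=$(mft_cred_path "$1")
    dir=$(dirname -- "$file")
    rc=0
    if ! owner_only "$file"; then echo "INSECURE file: $file"; rc=1; fi
    if ! owner_only "$dir"; then echo "INSECURE directory: $dir"; rc=1; fi
    [ "$rc" -eq 0 ] && echo "OK: $file"
    return "$rc"
}
```

Run it as the user that starts the agent, since the ownership test compares against the current effective user.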

Connecting from .NET to MQ-Series

There are similar questions to this one, but not quite the same...
I have a C# program that is using amqmdnet.dll (from 9.0.1.0 MQC Redist)
The code to connect is:
Hashtable mqProperties = new Hashtable();
mqProperties.Add(MQC.CHANNEL_PROPERTY, channelName);
mqProperties.Add(MQC.HOST_NAME_PROPERTY, hostname);
mqProperties.Add(MQC.PORT_PROPERTY, port);
queueManager = new MQQueueManager(strQueueManagerName, mqProperties);
It works fine and writes to the queue. I assume it picks up my current login id from Windows.
When I run the same code on IIS, it connects but fails with an auth error 2035 when trying to write to the Queue. I assume this is because IIS is running as a different user-id.
I tried adding:
mqProperties.Add(MQC.USER_ID_PROPERTY, "myuserid");
mqProperties.Add(MQC.PASSWORD_PROPERTY, "mypassword");
and it did not work. Trying "mydomain\myuserid" did not work either. Some other posts mentioned that MQ needs the Windows SID. I tried using that string, but that did not work either.
At this point, I am playing with this, so I'd prefer not to ask the admins to set up a new userid on the MQ server side. With this in mind, is there any way I can login when running under the IIS user, but pass in my userid/password or some other credential to make this work?
If the queue manager is v8.0 or later and is configured to use CONNAUTH and has ADOPTCTX(YES) set you can present an id and password. If it does not have this set then the value presented in the UserId and Password property of a .NET client will be ignored.
An IBM developerWorks MQdev blog post, "MQCSP Password Protection in MQ V8", has details on how to do this in various languages.
For .NET you should be able to use what you have with the addition of the MQC.USE_MQCSP_AUTHENTICATION_PROPERTY set to true:
mqProperties.Add(MQC.USER_ID_PROPERTY, "myuserid");
mqProperties.Add(MQC.PASSWORD_PROPERTY, "mypassword");
mqProperties.Add(MQC.USE_MQCSP_AUTHENTICATION_PROPERTY, true);
The queue manager will then authenticate this ID. If the queue manager is set with ADOPTCTX(YES) then it will always use the authenticated ID for OAM checks. If it is set to ADOPTCTX(NO) it will still use the ID the process is running under to perform OAM checks. It is highly recommended that this be set to ADOPTCTX(YES).
Update 2017/02/20:
Related to the comment "I can see that it might be turned off by admins so that MQ relies on the larger organizational SSO infrastructure.". Without setting up CONNAUTH and ADOPTCTX(YES) you can assert any id you want to over the channel. If a CHLAUTH rule is not in place to block administrative users then you can obtain full MQ administrative authority without any form of authentication.

how to check user permissions in snmpv3

We have a Cisco router, which is configured with SNMP v3, and the username is testAdmin. Is there any command to identify whether this user has read-only permission or read-write?
Regards,
Sumesh.
You can try to write down the config with the community which you have.
http://www.ciscozine.com/how-to-save-configurations-using-snmp/
This will not affect any service and will prove to you whether the string is working.
The other option is to bring up loopback interface with some random number

Using WMI to get Account Security policies

As a network auditor I am using WMI to query Windows PCs and get relevant information.
secpol.msc gives the account and local policies. Is there a way that I can read all the parameters in the policy to check that users have configured them as per company norms.
Thank You
You can use the RSoP WMI classes to get the Group Policy settings, and the Group Policy Settings Reference for Windows and Windows Server, which is basically a set of Excel files that contain the Windows registry keys where such info is stored.

How do I set up an application on Windows to respond to MAPISendMail calls?

The MAPISendMail function is available on Windows so that an application can request that an email be sent. Windows will route the request to whichever email client is configured as the default provider.
How do I write an application so that it will act as an email client for the purpose of receiving the MAPISendMail emails? Can anyone point me to the MSDN documentation? Or let me know the required interfaces and registry keys involved?
Add some stuff in the registry to
HKEY_LOCAL_MACHINE\Software\Clients\Mapi
create a new key with your apps name
add a REG_EXPAND_SZ and assign the path to your dll to it
create a new key with name shell
create a new key with name open
create a new key with name command
assign your exe name to it.
PS. For vista and windows 7, use HKEY_LOCAL_USER
Implement the MAPI-API in your DLL.
You need the shell\open\command value to be set, else the client won't show up in the clients list in your internet settings.
If you're not using the Microsoft Exchange Transport Provider, you can implement a MAPI Spooler Hook Provider. The following Microsoft Knowledgebase sample shows how to create a MAPI Spooler Hook Provider:
http://support.microsoft.com/kb/224362
