Configuring WebSphere MQ accounts

WebSphere® MQ checks that only authorized users can access queue managers or queues. Whenever a user attempts such access, WebSphere MQ uses its own local account to query information about the user. However, if a domain controller runs on Windows® 2000 or Windows 2003, it can be set up so that local accounts cannot be used to make these queries. In this situation, you must provide WebSphere MQ with a special account to use. This is necessary when both of the following conditions apply: If these conditions apply (or if you are not sure), give the information described in the following section to your domain administrator, and ask for one of the special accounts it describes. When you install the product, towards the end of the installation procedure, in the Prepare WebSphere MQ wizard, you are asked to enter details of this account (domain, user name, and password).

If these conditions apply and you install WebSphere MQ without a special account (or without entering its details), many or all parts of WebSphere MQ will not work, depending upon the particular user accounts involved. In particular, if you are currently logged on with a Windows 2000 or Windows 2003 domain user account, you cannot complete the Default Configuration, and the Postcard and API Exerciser applications will not work. Also, WebSphere MQ connections to queue managers that run under Windows 2000 or Windows 2003 domain accounts on other computers might fail.

For information about the user rights required to take advantage of the Kerberos authentication support, see WebSphere MQ Security.

For information about the user rights required to take advantage of the Active Directory support, see WebSphere MQ Intercommunication.

For information about user accounts and access permissions, see WebSphere MQ System Administration Guide.