Professional Documents
Culture Documents
Connection Authentication
Connection Authentication
© 2019
Connection Authentication
Connection Authentication.
An application can provide a user ID and password.
3
Connection Authentication. In the diagram, two applications are
making connections with a queue manager,
-
one application as a client and one using
local bindings.
4
Connection Authentication.
Applications might use a variety of APIs to connect to the queue
manager, but all have the ability to provide a user ID and a password.
The user ID that the application is running under, User1 and User3 in
the diagram, which is the usual operating system user ID presented to
IBM® MQ, might be different from the user ID provided by the
application.
5
Connection Authentication.
The queue manager receives configuration commands (in the diagram,
MQ Explorer is being used) and manages the opening of resources and
checks the authority to access those resources.
The diagram illustrates opening a queue for output, but the same
principles apply to other resources as well.
6
Turning on connection authentication on a queue manager.
IDPWOS
Indicates that the queue manager uses the local operating system
to authenticate the user ID and password.
IDPWLDAP
Indicates that the queue manager uses an LDAP server to
authenticate the user ID and password.
7
Turning on connection authentication on a queue manager.
8
Turning on connection authentication on a queue manager.
Both CHCKLOCL and CHCKCLNT - ( from the chat above ) have the
same set of possible values that allow the strictness of checking to be
varied:
NONE
Switches off checking.
OPTIONAL
9
Turning on connection authentication on a queue manager.
+
OPTIONAL is the minimum value you can set, in order to use more
stringent CHLAUTH rules.
- If you select NONE and the client connection matches a CHLAUTH record
with CHCKCLNT REQUIRED (or REQDADM on platforms other than z/OS®),
the connection fails. You receive message AMQ9793 on platforms other
than z/OS, and message CSQX793E on z/OS.
REQUIRED
REQDADM
With that set, runmqsc prompts for the user's password at the
console.
11
Turning on connection authentication on a queue manager.
12
by default.
Configuration granularity.
You can set the overall CHCKCLNT value to OPTIONAL, for example,
and then upgrade it to be more stringent for certain channels by
setting CHCKCLNT to REQUIRED or REQDADM on the CHLAUTH
rule.
13
Configuration granularity.
. For example:
14