Connection authentication

Connection authentication can be achieved in various ways:
  • An application can provide a user ID and password. The application can be either a client, or it can use local bindings.
  • A queue manager can be configured to act on a supplied user ID and password.
  • A repository can be used to determine whether a user ID and password combination is valid.
See the following text for details.

In the diagram, two applications are making connections with a queue manager, one application as a client and one using local bindings. Applications might use a variety of APIs to connect to the queue manager, but all have the ability to provide a user ID and a password. The user ID that the application is running under, User1 and user3 in the diagram, which is the usual operating system user ID presented to IBM® MQ, might be different from the user ID provided by the application, User2 and user4.

The queue manager receives configuration commands (in the diagram, MQ Explorer is being used) and manages the opening of resources and checks the authority to access those resources. There are many different resources in IBM MQ that an application might require authority to access. The diagram illustrates opening a queue for output, but the same principles apply to other resources as well.

See User repositories for details about the repository that is used for checking user IDs and passwords.