AMQP client authentication using a password
Authenticate the AMQP client user name using the client password. You can authenticate the client using a different identity from the identity used to authorize the client to publish and subscribe to topics.
The AMQP service can use MQ CONNAUTH or JAAS to authenticate the client user name. If one of these is configured, the password provided by the client is verified by the MQ CONNAUTH configuration or the JAAS module.
The following procedure outlines example steps to authenticate individual users against the local
OS users and passwords and, if successful, adopt the common identity
AMQPUser:- The IBM® MQ administrator sets the AMQP channel
MCAUSER identity to any name, such as
AMQPUser, using IBM MQ Explorer. - The IBM MQ administrator authorizes
AMQPUserto publish and subscribe to any topic:setmqaut -m QM1 -t topic -n SYSTEM.BASE.TOPIC -p AMQPUser -all +pub +sub +connect - The IBM MQ administrator configures an IDPWOS CONNAUTH rule to check the user name and password presented by the client. The CONNAUTH rule should set CHCKCLNT(REQUIRED) and ADOPTCTX(NO).
Note: You are recommended to use channel authentication rules and to set the MCAUSER channel
attribute to a user who has no privileges, to allow more control over connections to the queue
manager.