Managing channel authentication records in a QSG
Channel authentication records apply to the queue manager that they are created on, they are not shared throughout the queue sharing group (QSG). Therefore if all the queue managers in the queue sharing group are required to have the same rules, some management needs to be carried out to keep all the rules the consistent.
- Always add the
CMDSCOPE(*)
option to allSET CHLAUTH
commands. This will send the command to all running queue managers in the queue sharing group - Use the
DISPLAY CHLAUTH
command with theCMDSCOPE(*)
option and then analyze the responses to see if the records are the same from all queue managers. When an inconsistency is found aSET CHLAUTH
command can be issued containing the same rule withCMDSCOPE(*)
orCMDSCOPE(qmgr-name)
. - Add a member to the queue manager's CSQINP2 concatenation (see Initialization commands for details)
that has the full set of rules. These will be read as part of the queue manager's initialization
process. If the
SET CHLAUTH
command usesACTION(ADD)
the rule will only be added if it didn't exist. UsingACTION(REPLACE)
will replace an existing rule if it already exists or add it if it does not. The same member could then be placed in the CSQINP2 concatenation of all queue managers in the queue sharing group. - Use the CSQUTIL utility (see Issuing commands to IBM® MQ (COMMAND) for
details) to extract the rules from one queue manager using either the
MAKEDEF
orMAKEREP
option. Then replay the output using CSQUTIL into the target queue manager.