Configuring MQMFTCredentials.xml on multiplatforms

If Managed File Transfer (MFT) is configured with security enabled, connection authentication requires all MFT commands that connect with a queue manager to supply user ID and password credentials. Similarly, MFT loggers might be required to specify a user ID and password when connecting to a database. This credential information can be stored in the MFT credentials file.

About this task

The elements in the MQMFTCredentials.xml file must conform to the MQMFTCredentials.xsd schema. For information about the format of MQMFTCredentials.xml, see MFT credentials file format.

You can find a sample credentials file in the MQ_INSTALLATION_PATH/mqft/samples/credentials directory.

You can have one MFT credentials file for the coordination queue manager, one for the command queue manager, one for each agent, and one for each logger. Alternatively, you can have one file which is used by everything in your topology.

The default location of the MFT credentials file is as follows:
[UNIX][Linux]UNIX and Linux®
$HOME
[Windows]Windows
%USERPROFILE% or %HOMEDRIVE%%HOMEPATH%
If the credentials file is stored in a different location, then you can use the following properties to specify where the commands should look for it:
Table 1. : Properties that define the location of the MQMFTCredentials.xml file for various commands.
Type of command Property file Property name
Command which connects to the coordination queue manager coordination.properties coordinationQMgrAuthenticationCredentialsFile
Command which connects to the command queue manager connection.properties connectionQMgrAuthenticationCredentialsFile
Command that connects to an agent process agent.properties agentQMgrAuthenticationCredentialsFile
Command that connects to a logger process logger.properties loggerQMgrAuthenticationCredentialsFile
Table 2. : Properties that define the location of the MQMFTCredentials.xml file for agents and logger processes.
Type of command Property file Property name
MFT agents agent.properties agentQMgrAuthenticationCredentialsFile
MFT loggers logger.properties loggerQMgrAuthenticationCredentialsFile

For details about what commands and processes connect to which queue manager, see Which MFT commands and processes connect to which queue manager.

Because the credentials file contains user ID and password information, it requires special permissions to prevent unauthorized access to it:
[UNIX][Linux]UNIX and Linux

 chown <agent owner userid>
 chmod 600
[Windows]Windows
Ensure that inheritance is not enabled, and then remove all of the user IDs except those running the agent or logger that will be using the credentials file.
The credential details used to connect to an MFT coordination queue manager, in the IBM® MQ Explorer Managed File Transfer plug-in for , depends on the type of configuration:
Global (configuration on local disk)
A global configuration uses the credentials file specified in the coordination and command properties.
Local (defined within IBM MQ Explorer):
A local configuration uses the properties of the connection details of the associated queue manager in IBM MQ Explorer.