MFT and IBM MQ connection authentication
Connection authentication allows a queue manager to be configured to authenticate applications by using a provided user ID and password. If the associated queue manager has security enabled, and requires credential details (user ID and password), the connection authentication feature must be enabled before a successful connection to a queue manager can be made. Connection authentication can be run in compatibility mode or MQCSP authentication mode.
Methods of supplying credential details
- Details supplied by command line arguments.
- The credential details can be specified by using the -mquserid and -mqpassword parameters. If the -mqpassword is not supplied, then the user is asked for the password where the input is not displayed.
- Details supplied from a credentials file: MQMFTCredentials.xml.
- The credential details can be predefined in a MQMFTCredentials.xml file either as clear text or obfuscated text.
For information about setting up an MQMFTCredentials.xml file on IBM® MQ for Multiplatforms see Configuring MQMFTCredentials.xml on multiplatforms.
For information about setting up an MQMFTCredentials.xml file on IBM MQ for z/OS® see Configuring MQMFTCredentials.xml on z/OS.
Precedence
- Command line argument.
MQMFTCredentials.xmlindex by associated queue manager and user running the command.MQMFTCredentials.xmlindex by associated queue manager.- Default backward compatibility mode where no credential details are supplied to allow compatibility with previous releases of IBM MQor IBM WebSphere® MQ
-
The fteStartAgent and fteStartLogger commands do not support the command line argument -mquserid, or -mqpassword, and the credential details can only be specified with the MQMFTCredentials.xml file.
![[z/OS]](ngzos.gif)
On z/OS, the password must be uppercase, even if the user's password has lowercase letters. For example, if the user's password was "password", it would have to be entered as "PASSWORD".