Channel authentication record properties
You can set attributes for channel authentication record objects.
The following tables list the attributes that you can set:
For each attribute, there is a brief description of when you might need to configure it. The tables also give the equivalent MQSC parameter for the SET CHLAUTH and DISPLAY CHLAUTH commands. For more information about MQSC commands, see Script (MQSC) Commands in the IBM® MQ online product documentation.
General page
The following table lists the attributes that you can set on the General page of the Channel Authentication Records properties dialog.
Attribute | Meaning | MQSC parameter |
---|---|---|
Channel profile | Channel profile name. See SET CHLAUTH in the IBM MQ online product documentation. | PROFILE |
Type | Can be Address Map, Block Address List, Block User List, Queue Manager Map, SSL Peer Map or User Map. See SET CHLAUTH in the IBM MQ online product documentation. | TYPE |
Description | Type a meaningful description of the purpose of the channel authentication record. See Entering strings in MQ Explorer. | DESCR |
Address page
The following table lists the attributes that you can set on the Address page of the Channel Authentication Records properties dialog.
This parameter is valid with the property TYPE(ADDRESSMAP), TYPE(QMGRMAP), TYPE(SSLPEERMAP) and TYPE(USERMAP).
Attribute | Meaning | MQSC parameter |
---|---|---|
Address | Specifies the filter to be used to compare with the IP address of the partner queue manager or client at the other end of the channel. For SET command this parameter is mandatory with TYPE(ADDRESSMAP). See SET CHLAUTH in the IBM MQ online product documentation. | ADDRESS |
Block address page
The following table lists the attributes that you can set on the Block address page of the Channel Authentication Records properties dialog.
This parameter is only valid with the property TYPE(BLOCKADDR).
Attribute | Meaning | MQSC parameter |
---|---|---|
Address list | A list of IP address patterns which are blocked from connecting to this queue manager using any channel. See SET CHLAUTH in the IBM MQ online product documentation. | ADDRLIST |
Block user page
The following table lists the attributes that you can set on the Block user page of the Channel Authentication Records properties dialog.
This parameter is only valid with the property TYPE(BLOCKUSER).
Attribute | Meaning | MQSC parameter |
---|---|---|
User list | A list of user IDs that are blocked from use of this channel or set of channels. See SET CHLAUTH in the IBM MQ online product documentation. | USERLIST |
Queue manager page
The following table lists the attributes that you can set on the Queue manager page of the Channel Authentication Records properties dialog.
This parameter is only valid with the property TYPE(QMGRMAP).
Attribute | Meaning | MQSC parameter |
---|---|---|
Remote queue manager | Specifies the remote partner queue manager name pattern. See SET CHLAUTH in the IBM MQ online product documentation. | QMNAME |
SSL peer page
The following table lists the attributes that you can set on the SSL peer page of the Channel Authentication Records properties dialog.
This parameter is only valid with the property TYPE(SSLPEERMAP).
Attribute | Meaning | MQSC parameter |
---|---|---|
Peer name | The value of the Distinguished Name on the certificate from the peer queue manager or client at the other end of the IBM MQ channel. When the channel starts, the value of this attribute is compared with the Distinguished Name of the certificate. See SET CHLAUTH in the IBM MQ online product documentation. | SSLPEER |
SSL/TLS issuer's Distinguished Name | If this optional parameter is specified, it only allows connections from partner queue managers for which the certificate was issued by a Certificate Authority with a matching Distinguished Name. See SET CHLAUTH in the IBM MQ online product documentation. | SSLCERTI |
Client user page
The following table lists the attributes that you can set on the Client user page of the Channel Authentication Records properties dialog.
This parameter is only valid with the property TYPE(USERMAP).
Attribute | Meaning | MQSC parameter |
---|---|---|
Client user ID | Specifies the client asserted user ID. See SET CHLAUTH in the IBM MQ online product documentation. | CLNTUSER |
Extended page
The following table lists the attributes that you can set on the Extended page of the Channel Authentication Records properties dialog. For more information on attributes on this page see SET CHLAUTH in the IBM MQ online product documentation.
Attribute | Meaning | MQSC parameter |
---|---|---|
User source | Source of the user ID to be used for MCAUSER at run time. Possible values are Channel, Map and No access. | USERSRC |
MCA user ID | Message channel user ID to be used when the inbound connection matches the SSL DN, IP address, client asserted user ID or remote queue manager name supplied. This attribute is enabled only when User source selected is Map. | MCAUSER |
Warning | Indicates whether this record should operate in warning mode. Possible values are Yes or No. | WARN |
Check client connection | Specifies whether the connection that matches this rule and is being allowed in with USERSRC(CHANNEL) or USERSRC(MAP), must also specify a valid user ID and password. | CHCKCLNT |
Custom | This attribute is reserved for the configuration of new features before separate attributes have been introduced. | CUSTOM |
Statistics page
The Statistics page of the Channel Authentication Records properties dialog displays read-only information showing when the properties of the channel authentication record were last changed. You cannot edit the values of these attributes. See DISPLAY CHLAUTH in the IBM MQ online product documentation.
Attribute | Meaning | MQSC parameter |
---|---|---|
Alteration date | Read-only. This is the date on which the authentication information object attributes were last altered. | ALTDATE |
Alteration time | Read-only. This is the time at which the authentication information object attributes were last altered. | ALTTIME |