Planning identification and authentication

Decide what user IDs to use, and how and at what levels you want to apply authentication controls.

You must decide how you will identify the users of your IBM® MQ applications, bearing in mind that different operating systems support user IDs of different lengths. You can use channel authentication records to map from one user ID to another, or to specify a user ID based on some attribute of the connection. IBM MQ channels using TLS use digital certificates as a mechanism for identification and authentication. Each digital certificate has a subject distinguished name which can be mapped onto specific identities using channel authentication records. Additionally, CA certificates in the key repository determine which digital certificates may be used to authenticate to IBM MQ. For more information see:

Mapping a remote queue manager to an MCAUSER user ID
Mapping a client user ID to an MCAUSER user ID
Mapping an SSL or TLS Distinguished Name to an MCAUSER user ID
Mapping an IP address to an MCAUSER user ID