Working with authentication information
We can use the authentication information widget in the IBM MQ Console to add and delete authentication information objects on a queue manager. We can also view and set the properties, and manage the authority records for the objects.
Before you begin
You must create an authentication information widget before you can use it. For more information about creating IBM MQ object widgets, see Working with IBM MQ objects.
About this task
The authentication information widget lists the authentication information that exists for a specific queue manager. We can select individual authentication information from the list to work with.
The queue manager authentication information forms part of IBM MQ support for Transport Layer Security (TLS). These objects contain the definitions that are required to perform certificate revocation checking by using OCSP or Certificate Revocation Lists (CRLs) on LDAP servers, and the definitions that are required to enable user ID and password checking.
We cannot use IDPW LDAP, or view or edit authority records for an authentication information object on z/OS®.
Procedure
- To add an authentication information object:
  - Click the create icon in the authentication information widget toolbar.
  - Specify the name of the authentication information object. Valid characters are letters and numbers and the `.`, `/`, `_`, and `%` characters.
  - Specify the type of authentication information object.
  - Specify additional information appropriate to the object type:
    - For CRL LDAP, specify the LDAP server name. This name is the host name, IPv4 dotted decimal address, or IPv6 hexadecimal notation of the host on which the LDAP server is running, with an optional port number.
    - For OCSP, specify the OCSP responder URL. This URL is the URL of the responder that is used to check for certificate revocation. This value must be an HTTP URL containing the host name and port number of the OCSP responder. If the OCSP responder is using port 80, which is the default for HTTP, then the port number can be omitted. HTTP URLs are defined in RFC 1738.
    - For IDPW OS, there are no additional requirements.
    - For IDPW LDAP, specify the LDAP server name and the Short user name. The LDAP server name is the host name, IPv4 dotted decimal address, or IPv6 hexadecimal notation of the host on which the LDAP server is running, with an optional port number. The short user name is the field in the LDAP user record that is used as a short name for the connection.
  - Click Create.
- To delete an authentication information object:
  - Select the authentication information object to delete from the list in the widget.
  - Click the delete icon in the widget toolbar.
  - Confirm the deletion of the authentication information object by clicking Delete. The object is deleted.
- To view and edit the properties of an authentication information object:
  - Select the authentication information object in the widget.
  - Click the properties icon in the widget toolbar. Alternatively, double-click the authentication information object.
  - View the properties and edit them as required. If the property text box is disabled, the property is read-only, or can be edited only from the command line.
- To view and edit authority records for an authentication information object:
  - Select the authentication information object in the authentication information widget.
  - Click ... > Manage Authority Records. The authority records show the permissions that users and administrators have on the selected authentication information object.
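
As an added example (not IBM's code and not part of the original page), this Python helper applies the input rules from the add procedure above (name characters, required fields per type, LDAP server name with optional port, HTTP-only OCSP URL) and returns the equivalent MQSC `DEFINE AUTHINFO` command. The function names, the sample host names, and the pattern used for the short user name field are assumptions, and only the fields the console step lists are handled.

```python
import ipaddress
import re
from urllib.parse import urlsplit

NAME_RE = re.compile(r"[A-Za-z0-9._/%]+")       # name characters the page allows
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
HOST_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")
ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")  # LDAP attribute name (assumed rule)
# Console type -> (MQSC AUTHTYPE, fields the page requires for that type)
TYPES = {"CRL LDAP": ("CRLLDAP", ["CONNAME"]), "OCSP": ("OCSP", ["OCSPURL"]),
         "IDPW OS": ("IDPWOS", []), "IDPW LDAP": ("IDPWLDAP", ["CONNAME", "SHORTUSR"])}

def check_conname(value):
    """Host name, IPv4 or IPv6 address, with an optional '(port)' suffix."""
    m = re.fullmatch(r"(.+?)(?:\((\d{1,5})\))?", value)
    if not m or (m.group(2) and not 1 <= int(m.group(2)) <= 65535):
        raise ValueError(f"bad LDAP server name or port: {value!r}")
    try:
        ipaddress.ip_address(m.group(1))
    except ValueError:
        if not HOST_RE.fullmatch(m.group(1)):
            raise ValueError(f"bad LDAP server name: {value!r}") from None

def check_ocspurl(value):
    """HTTP URL with a host; the port may be omitted (80 is the HTTP default)."""
    if re.search(r"[\s']", value):  # a quote would break out of the MQSC string
        raise ValueError("OCSP URL must not contain spaces or quotes")
    parts = urlsplit(value)
    if parts.scheme != "http" or not parts.hostname:
        raise ValueError(f"OCSP responder URL must be http://host[:port]: {value!r}")
    _ = parts.port  # raises ValueError for a non-numeric or out-of-range port

def check_shortusr(value):
    if not ATTR_RE.fullmatch(value):
        raise ValueError(f"bad short user name field: {value!r}")

CHECKS = {"CONNAME": check_conname, "OCSPURL": check_ocspurl, "SHORTUSR": check_shortusr}

def define_authinfo(name, console_type, **fields):
    """Validate one definition and return the matching MQSC DEFINE command."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"invalid object name: {name!r}")
    authtype, required = TYPES[console_type]
    given = {k.upper(): v for k, v in fields.items()}
    if set(given) != set(required):
        raise ValueError(f"{console_type} needs exactly: {required or 'no extra fields'}")
    for key in required:
        CHECKS[key](given[key])
    attrs = "".join(f" {k}('{given[k]}')" for k in required)
    return f"DEFINE AUTHINFO('{name}') AUTHTYPE({authtype}){attrs}"
```

Because every value is validated before it is placed inside the single-quoted MQSC string, a name or URL containing a quote is rejected rather than rendered into the command.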