+

Search Tips | Advanced Search

Command port authentication

MQIPT can be configured to authenticate commands received by the unsecured command port and TLS command port using a password. Use this procedure to enable command port authentication.


About this task

The mqiptAdmin command prompts users to enter a password when the command connects to the command port of an instance of MQIPT that has command port authentication enabled. MQIPT validates the password entered in the mqiptAdmin command against the access password specified in the MQIPT configuration.

The properties that you set for command port authentication apply to both the TLS command port and the unsecured command port.


Procedure

  1. Encrypt the MQIPT access password using the mqiptPW command. Enter the following command:
    mqiptPW -sf encryption_key_file
    where encryption_key_file is the name of the file that contains the password encryption key for the MQIPT installation. You do not need to specify the -sf parameter if your MQIPT installation is using the default password encryption key. Type in the access password to encrypt when prompted.For more information about encrypting passwords in the MQIPT configuration, see Encrypting stored passwords.
  2. Edit the mqipt.conf configuration file and specify the following properties: 
    AccessPW=encrypted_password
RemoteCommandAuthentication=auth_setting
    where:

      encrypted_password
      is the encrypted password output by the mqiptPW command in step 1.

      auth_setting
      is the authentication requirement. Command port authentication is enabled if this property is set to one of the following values:

        optional
        A password is not required, but if a password is provided it must be valid. This option might be useful during migration, for example.

        required
        A valid password must be provided with each command received by a command port.

    For more information about these properties, see MQIPT global properties.

  3. Start or refresh MQIPT to bring the changes into effect. MQIPT issues a message indicating whether command port authentication is enabled. For example, if MQIPT is configured to require a valid password to be entered each time the mqiptAdmin command is run, then the following message is issued: 
    MQCPI021 Password checking has been enabled on the command port

Parent topic: Administer MQIPT by using the command line

Last updated: 2020-10-04