Enable connection authentication for MFT

Connection authentication of the IBM MQ Explorer MFT Plugin connecting with a coordination queue manager or command queue manager, and connection authentication for a Managed File Transfer agent connecting with a coordination queue manager or command queue manager can be run in compatibility mode or MQCSP authentication mode.

About this task

Before IBM MQ Version 9.2.0, compatibility mode is the default setting for connection authentication. However, we can disable the default compatibility mode and enable MQCSP authentication mode.

From IBM MQ Version 9.2.0, MQCSP authentication mode is the default.

For connection authentication for the IBM MQ Explorer Managed File Transfer plugin or for Managed File Transfer agents that connect to a queue manager using the CLIENT transport, passwords longer than 12 characters are only supported for MQCSP authentication mode. If you specify a password greater than 12 characters in length when authorizing using compatibility mode, then an error occurs and the agent does not authenticate with the queue manager. See the BFGAG0187E message in Diagnostic messages: BFGAG0001 - BFGAG9999.

Procedure

• To select the connection authentication mode for a coordination queue manager or command queue manager in IBM MQ Explorer, complete the following steps:
  1. Select the queue manager that we want to connect to.
  2. Right click, and select Connection Details->Properties from the pop-up menu.
  3. Click the Userid tab.
  4. Make sure that the check box for the mode of connection authentication that we want to use is selected:
     • From IBM MQ Version 9.1.0, by default, the User identification compatibility mode check box is unselected. This means that if the Enable user identification check box is selected, the IBM MQ Explorer will use MQCSP authentication when connecting to the queue manager. If IBM MQ Explorer needs to connect to the queue manager using compatibility mode instead of MQCSP authentication, ensure that both the Enable user identification and the User identification compatibility mode check boxes are selected.
     • Before IBM MQ Version 9.1.0, by default, the User identification compatibility mode check box is selected. This means that if the Enable user identification check box is selected, the IBM MQ Explorer will use compatibility mode when connecting to the queue manager. If IBM MQ Explorer needs to connect to the queue manager using MQCSP authentication, ensure that the Enable user identification check box is selected, and the User identification compatibility mode check box is unselected.

• To enable or disable MQCSP authentication mode for a Managed File Transfer agent by using the MQMFTCredentials.xml file, add the parameter useMQCSPAuthentication to the MQMFTCredentials.xml file for the relevant user. The useMQCSPAuthentication parameter has the following values:

  true

  MQCSP authentication mode is used to authenticate the user with the queue manager.

  From Version 9.2.0, true is the default value. If the useMQCSPAuthentication parameter is not specified, it is by default set to true and MQCSP authentication mode is used to authenticate the user with the queue manager..

  false

  Compatibility mode is used to authenticate the user with the queue manager.

  Before IBM MQ Version 9.2.0, if the useMQCSPAuthentication parameter is not specified, it is by default set to false and compatibility mode is used to authenticate the user with the queue manager.

  The following example shows how to set the useMQCSPAuthentication parameter in the MQMFTCredentials.xml file:

  <tns:qmgr name="CoordQueueMgr" user="ernest" mqUserId="ernest"
      mqPassword="AveryL0ngPassw0rd2135" useMQCSPAuthentication="true"/>

Parent topic: MFT and IBM MQ connection authentication

Related concepts

• MQCSP password protection

Related reference

• MFT and IBM MQ connection authentication

Related information

• MFT credentials file format