Blocking access from a remote queue manager
We can use a channel authentication record to prevent a remote queue manager from starting channels.
Before starting
Ensure that channel authentication records are enabled as follows:ALTER QMGR CHLAUTH(ENABLED)
About this task
Note that this technique does not apply to server-connection channels. If you specify the name of a server-connection channel in the following command, it has no effect.
Procedure
Set a channel authentication record using the MQSC command SET CHLAUTH, or the PCF command Set Channel Authentication Record. For example, we can issue the MQSC command:SET CHLAUTH(' generic-channel-name ') TYPE(QMGRMAP) QMNAME(' generic-partner-qmgr-name ') USERSRC(NOACCESS)
- generic-channel-name is either the name of a channel to which we want to control access, or a pattern including the asterisk (*) symbol as a wildcard that matches the channel name.
- generic-partner-qmgr-name is either the name of the queue manager, or a pattern including the asterisk (*) symbol as a wildcard that matches the queue manager name.
Related information