Channel authentication record properties
We can set attributes for channel authentication record objects.
The following tables list the attributes that we can set:
For each attribute, there is a brief description of when you might need to configure it. The tables also give the equivalent MQSC parameter for the SET CHLAUTH and DISPLAY CHLAUTH commands. For more information about MQSC commands, see Script (MQSC) Commands in the IBM MQ online product documentation.
General page
The following table lists the attributes that we can set on the General page of the Channel Authentication Records properties dialog.
Attribute Meaning MQSC parameter Channel profile Channel profile name. See SET CHLAUTH in the IBM MQ online product documentation. PROFILE Type Can be Address Map, Block Address List, Block User List, Queue Manager Map, SSL Peer Map or User Map. See SET CHLAUTH in the IBM MQ online product documentation. TYPE Description Type a meaningful description of the purpose of the channel authentication record. See Entering strings in MQ Explorer. DESCR
Address page
The following table lists the attributes that we can set on the Address page of the Channel Authentication Records properties dialog.
Note:This parameter is valid with the property TYPE(ADDRESSMAP), TYPE(QMGRMAP), TYPE(SSLPEERMAP) and TYPE(USERMAP).
Attribute Meaning MQSC parameter Address Specifies the filter to be used to compare with the IP address of the partner queue manager or client at the other end of the channel. For SET command this parameter is mandatory with TYPE(ADDRESSMAP). See SET CHLAUTH in the IBM MQ online product documentation. ADDRESS
Block address page
The following table lists the attributes that we can set on the Block address page of the Channel Authentication Records properties dialog.
Note:This parameter is only valid with the property TYPE(BLOCKADDR).
Attribute Meaning MQSC parameter Address list A list of IP address patterns which are blocked from connecting to this queue manager using any channel. See SET CHLAUTH in the IBM MQ online product documentation. ADDRLIST
Block user page
The following table lists the attributes that we can set on the Block user page of the Channel Authentication Records properties dialog.
Note:This parameter is only valid with the property TYPE(BLOCKUSER).
Attribute Meaning MQSC parameter User list A list of user IDs that are blocked from use of this channel or set of channels. See SET CHLAUTH in the IBM MQ online product documentation. USERLIST
Queue manager page
The following table lists the attributes that we can set on the Queue manager page of the Channel Authentication Records properties dialog.
Note:This parameter is only valid with the property TYPE(QMGRMAP).
Attribute Meaning MQSC parameter Remote queue manager Specifies the remote partner queue manager name pattern. See SET CHLAUTH in the IBM MQ online product documentation. QMNAME
SSL peer page
The following table lists the attributes that we can set on the SSL peer page of the Channel Authentication Records properties dialog.
Note:This parameter is only valid with the property TYPE(SSLPEERMAP).
Attribute Meaning MQSC parameter Peer name The value of the Distinguished Name on the certificate from the peer queue manager or client at the other end of the IBM MQ channel. When the channel starts, the value of this attribute is compared with the Distinguished Name of the certificate. See SET CHLAUTH in the IBM MQ online product documentation. SSLPEER SSL/TLS issuer's Distinguished Name If this optional parameter is specified, it only allows connections from partner queue managers for which the certificate was issued by a Certificate Authority with a matching Distinguished Name. See SET CHLAUTH in the IBM MQ online product documentation. SSLCERTI
Client user page
The following table lists the attributes that we can set on the Client user page of the Channel Authentication Records properties dialog.
Note:This parameter is only valid with the property TYPE(USERMAP).
Attribute Meaning MQSC parameter Client user ID Specifies the client asserted user ID. See SET CHLAUTH in the IBM MQ online product documentation. CLNTUSER
Extended page
The following table lists the attributes that we can set on the Extended page of the Channel Authentication Records properties dialog. For more information on attributes on this page see SET CHLAUTH in the IBM MQ online product documentation.
Attribute Meaning MQSC parameter User source Source of the user ID to be used for MCAUSER at run time. Possible values are Channel, Map and No access. USERSRC MCA user ID Message channel user ID to be used when the inbound connection matches the SSL DN, IP address, client asserted user ID or remote queue manager name supplied. This attribute is enabled only when User source selected is Map. MCAUSER Warning Indicates whether this record should operate in warning mode. Possible values are Yes or No. WARN Check client connection Specifies whether the connection that matches this rule and is being allowed in with USERSRC(CHANNEL) or USERSRC(MAP), must also specify a valid user ID and password. CHCKCLNT Custom This attribute is reserved for the configuration of new features before separate attributes have been introduced. CUSTOM
Statistics page
The Statistics page of the Channel Authentication Records properties dialog displays read-only information showing when the properties of the channel authentication record were last changed. We cannot edit the values of these attributes. See DISPLAY CHLAUTH in the IBM MQ online product documentation.
Attribute Meaning MQSC parameter Alteration date Read-only. This is the date on which the authentication information object attributes were last altered. ALTDATE Alteration time Read-only. This is the time at which the authentication information object attributes were last altered. ALTTIME