Enabling MQCSP authentication
From IBM MQ Version 9.0.3 for Continuous Delivery, and IBM MQ Version 9.0.0, Fix Pack 2 for Long Term Support, we can enable MQCSP authentication mode for connection authentication of the IBM MQ Explorer MFT Plugin connecting with a coordination queue manager or command queue manager. We can also enable MQCSP authentication mode for connection authentication for a Managed File Transfer agent connecting with a coordination queue manager or command queue manager.
If we use the IBM MQ Explorer Managed File Transfer plugin, or have Managed File Transfer agents that connect to a queue manager using the CLIENT transport and specify a password, then the agent does not authenticate with the queue manager if the password specified is greater than 12 characters in length. This is because the code does not use MQCSP authentication, and authenticates using compatibility mode, which limits the password to 12 characters in length.
From IBM MQ Version 9.0.3 and IBM MQ Version 9.0.0, Fix Pack 2, we can disable the default compatibility mode and enable MQCSP authentication mode.
Procedure
-
To disable compatibility mode and enable MQCSP authentication for a coordination queue manager
or command queue manager in IBM MQ Explorer, complete the
following steps:
- Select the queue manager to connect to.
- Right click, and select Connection Details->Properties from the pop-up menu.
- Click the Userid tab.
- Ensure that Enable user identification is selected, and clear the User identification compatibility mode check box.
-
To disable compatibility mode and enable MQCSP authentication for a Managed File Transfer agent, add the parameter
useMQCSPAuthentication to the MQMFTCredentials.xml file
for the relevant user and set it to true.
The parameter must be set to true. If the parameter is not specified, it is
by default set to false and compatibility mode is used to authenticate the user
with the queue manager.
The following example shows how to set the useMQCSPAuthentication parameter
in the MQMFTCredentials.xml
file:
<tns:qmgr name="CoordQueueMgr" user="ernest" mqUserId="ernest" mqPassword="AveryL0ngPassw0rd2135" useMQCSPAuthentication="true"/>