MFT and IBM MQ connection authentication
Managed File Transfer Version 8.0 or later supports the IBM MQ Version 8.0 or later security features, with the default mode of disabled. If the associated queue manager has security enabled, and requires credential details (user ID and password), this feature must enabled before a successful connection to a queue manager can be made.
Many Managed File Transfer commands support the following methods:
- Details supplied by command line arguments.
- The credential details can be specified using arguments -mquserid and -mqpassword. If the -mqpassword is not supplied, then the user will be asked for the password where the input is not displayed.
- Details supplied from a credentials file: MQMFTCredentials.xml.
- The credential details can be predefined in a MQMFTCredentials.xml file
either as clear text or obfuscated text. The location of the
MQMFTCredentials.xml file is defined by a property value:
Table 1. Property values that define the location of the MQMFTCredentials.xml file Category Property File Property Name Show/List commands Coordination properties coordinationQMgrAuthenticationCredentialsFile Modify/create commands Command properties connectionQMgrAuthenticationCredentialsFile Agent/clean agent Agent properties agentQMgrAuthenticationCredentialsFile Logger Logger properties loggerQMgrAuthenticationCredentialsFile
QMgr defines a single pair of credentials, and has the following format:
<tns:qmgr mquserid="MQ User ID" mqpassword="MQ Password" name="QMgr" user="user running command" />
The user attribute is optional and, if not present, the credentials apply to all users.
Precedence
The precedence of determining the credential details is:- Command line argument.
- MQMFTCredentials.xml index by associated queue manager and user running the command.
- MQMFTCredentials.xml index by associated queue manager.
- Default backward compatibility mode where no credential details are supplied to allow compatibility with previous releases of IBM MQ or IBM WebSphere MQ.
The fteStartAgent and fteStartLogger commands do not support the command line argument -mquserid, or -mqpassword, and the credential details can only be specified with the MQMFTCredentials.xml file.
-
On z/OSĀ®, the password must be uppercase, even if the user's password has lowercase letters. For example, if the user's password was "password", it would have to be entered as "PASSWORD".