Channel Authentication Record

Some of the content described in this article is available in meshIQ Manage versions 11 and greater. See meshIQ Highlights v11 for an overview of feature changes.

You can create Block User Map, Block Address Map, SSL Peer Map, Address Map, User Map or Queue Manager Map channel authentication record types. To learn more about types, see the following IBM documentation: https://www.ibm.com/docs/en/ibm-mq/9.0?topic=commands-set-chlauth. 

There are several ways to create a Channel authentication record.

• From a Channel authentication record (channel auth rec) viewlet:
  • Click the Add button within a Channel authentication record (channel auth rec) viewlet.  The Select Object Path window opens. Specify the workgroup server, node, queue manager (leave the asterisk to create a new channel authentication record in all queue managers of the workgroup server) and object subtype. Click Select path.
    
    
  • Select the checkbox of a Channel auth rec record of the Channel auth type that you want to create, then select Create ChAuthRec from the Action menu to create a new record of that type.
• From a Channel viewlet: Select Create ChAuthRec from the Action menu of a channel record. The Select ChAuthRecType dialog opens. Select a Type and click OK.

The Channel Authentication Record Create window opens.  Follow the steps below to continue. For more information, please see the following IBM documentation: https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.0.0/com.ibm.mq.explorer.doc/e_properties_chlauth.html.

1. Every channel auth rec type has two common tabs: General and Extended.  On the General tab select the channel profile name and add the description. (On versions prior to 11, you must enter the name.)
   
2. On the Extended tab, specify Yes or No from the Warning drop-down.  Setting this option to Yes will use a warning instead of blocking access. 
3. Within the Custom field, enter new feature configurations before separate attributes have been introduced. 
   
4. Block channel auth recs will have the Block tab as seen below.  Specify users who should not have access to this channel (or channels).  Creation of a Block User Map authentication record is displayed in the figure below.
   
5. Instead of the User list field as seen above, the Block tab of a Block Address Map will have an Address list field.  Enter the IP address(es) or IP address pattern(s) to be blocked from connecting to this queue manager using any channel.  The IP address pattern(s) can also include an asterisk as a wildcard to represent one or more parts of the address.
   
6. SSL Peer Map, Address Map, User Map and Queue Manager Map records have the Address tab.  An Address field appears on this tab which is used as a filter.  Specify the filter to be used to compare with the client or partner queue manager's IP address at the other end of the channel.
   
7. SSL Peer channel auth recs have the SSL Peer tab.  This tab has fields to specify SSL Peer and SSL/TSL Issuer’s Distinguished Name.
   
8. User Map channel auth recs also have a ClientUser tab to specify Client user ID.
   
9. Queue Manager Map records have the Queue Manager tab to specify the Remote queue manager.