Channel authentication record properties
You can set properties for channel authentication record objects.
The following tables list the properties that you can set:
For each property, there is a brief description of when you might need to configure it. The tables also give the equivalent MQSC parameter for the SET CHLAUTH and DISPLAY CHLAUTH commands. For more information about MQSC commands, see Administration using MQSC commands in IBM® Knowledge Center.
General page
The following table lists the properties that you can set on the General page of the Channel Authentication Records properties dialog.
Property | Meaning | MQSC parameter |
---|---|---|
Channel profile | Channel profile name. See SET CHLAUTH in IBM Knowledge Center. | PROFILE |
Type | Can be Address Map, Block Address List, Block User List, Queue Manager Map, SSL Peer Map or User Map. See SET CHLAUTH in IBM Knowledge Center. | TYPE |
Description | Type a meaningful description of the purpose of the channel authentication record. See Entering strings in MQ Explorer. | DESCR |
Address page
The following table lists the properties that you can set on the Address page of the Channel Authentication Records properties dialog.
This parameter is valid with the property TYPE(ADDRESSMAP), TYPE(QMGRMAP), TYPE(SSLPEERMAP) and TYPE(USERMAP).
Property | Meaning | MQSC parameter |
---|---|---|
Address | Specifies the filter to be used to compare with the IP address of the partner queue manager or client at the other end of the channel. For SET command this parameter is mandatory with TYPE(ADDRESSMAP). See SET CHLAUTH in IBM Knowledge Center. | ADDRESS |
Block address page
The following table lists the properties that you can set on the Block address page of the Channel Authentication Records properties dialog.
This parameter is only valid with the property TYPE(BLOCKADDR).
Property | Meaning | MQSC parameter |
---|---|---|
Address list | A list of IP address patterns which are blocked from connecting to this queue manager using any channel. See SET CHLAUTH in IBM Knowledge Center. | ADDRLIST |
Block user page
The following table lists the properties that you can set on the Block user page of the Channel Authentication Records properties dialog.
This parameter is only valid with the property TYPE(BLOCKUSER).
Property | Meaning | MQSC parameter |
---|---|---|
User list | A list of user IDs that are blocked from use of this channel or set of channels. See SET CHLAUTH in IBM Knowledge Center. | USERLIST |
Queue manager page
The following table lists the properties that you can set on the Queue manager page of the Channel Authentication Records properties dialog.
This parameter is only valid with the property TYPE(QMGRMAP).
Property | Meaning | MQSC parameter |
---|---|---|
Remote queue manager | Specifies the remote partner queue manager name pattern. See SET CHLAUTH in IBM Knowledge Center. | QMNAME |
SSL peer page
The following table lists the properties that you can set on the SSL peer page of the Channel Authentication Records properties dialog.
This parameter is only valid with the property TYPE(SSLPEERMAP).
Property | Meaning | MQSC parameter |
---|---|---|
Peer name | The value of the Distinguished Name on the certificate from the peer queue manager or client at the other end of the IBM MQ channel. When the channel starts, the value of this property is compared with the Distinguished Name of the certificate. See SET CHLAUTH in IBM Knowledge Center. | SSLPEER |
SSL/TLS issuer's Distinguished Name | If this optional parameter is specified, it only allows connections from partner queue managers for which the certificate was issued by a Certificate Authority with a matching Distinguished Name. See SET CHLAUTH in IBM Knowledge Center. | SSLCERTI |
Client user page
The following table lists the properties that you can set on the Client user page of the Channel Authentication Records properties dialog.
This parameter is only valid with the property TYPE(USERMAP).
Property | Meaning | MQSC parameter |
---|---|---|
Client user ID | Specifies the client asserted user ID. See SET CHLAUTH in IBM Knowledge Center. | CLNTUSER |
Extended page
The following table lists the properties that you can set on the Extended page of the Channel Authentication Records properties dialog. See SET CHLAUTH in IBM Knowledge Center.
Property | Meaning | MQSC parameter |
---|---|---|
User source | Source of the user ID to be used for MCAUSER at run time. Possible values are Channel, Map and No access. | USERSRC |
MCA user ID | Message channel user ID to be used when the inbound connection matches the SSL DN, IP address, client asserted user ID or remote queue manager name supplied. This property is enabled only when User source selected is Map. | MCAUSER |
Warning | Indicates whether this record should operate in warning mode. Possible values are Yes or No. | WARN |
Check client connection | Specifies whether the connection that matches this rule and is being allowed in with USERSRC(CHANNEL) or USERSRC(MAP), must also specify a valid user ID and password. | CHCKCLNT |
Custom | This property is reserved for the configuration of new features before separate properties have been introduced. | CUSTOM |
Statistics page
The Statistics page of the Channel Authentication Records properties dialog displays read-only information showing when the properties of the channel authentication record were last changed. You cannot edit the values of these properties. See DISPLAY CHLAUTH in IBM Knowledge Center.
Property | Meaning | MQSC parameter |
---|---|---|
Alteration date | Read-only. This is the date on which the authentication information object properties were last altered. | ALTDATE |
Alteration time | Read-only. This is the time at which the authentication information object properties were last altered. | ALTTIME |