Mapping an SSL or TLS Distinguished Name to an MCAUSER user ID
You can use a channel authentication record to set the MCAUSER attribute of a channel, according to the Distinguished Name (DN) received.
Before you begin
ALTER QMGR CHLAUTH(ENABLED)
Procedure
Set a channel authentication record using the MQSC command
SET CHLAUTH, or the PCF command Set Channel Authentication
Record.
For example, you can issue the MQSC command:
SET CHLAUTH('generic-channel-name') TYPE (SSLPEERMAP) SSLPEER(generic-ssl-peer-name
) USERSRC(MAP) MCAUSER(user)
- generic-channel-name is either the name of a channel to which you want to control access, or a pattern including the asterisk (*) symbol as a wildcard that matches the channel name.
- generic-ssl-peer-name is a string following the standard IBM® WebSphere® MQ rules for SSLPEER values. See WebSphere MQ rules for SSLPEER values.
- user is the user ID to be used for all connections using the specified DN.