Mapping an SSL or TLS Distinguished Name to an MCAUSER user ID

You can use a channel authentication record to set the MCAUSER attribute of a channel, according to the Distinguished Name (DN) received.

Before you begin

Ensure that channel authentication records are enabled as follows:
ALTER QMGR CHLAUTH(ENABLED)

Procedure

Set a channel authentication record using the MQSC command SET CHLAUTH, or the PCF command Set Channel Authentication Record. For example, you can issue the MQSC command:

SET CHLAUTH('generic-channel-name') TYPE(SSLPEERMAP) SSLPEER(generic-ssl-peer-name) USERSRC(MAP) MCAUSER(user)
  • generic-channel-name is either the name of a channel to which you want to control access, or a pattern including the asterisk (*) symbol as a wildcard that matches the channel name.
  • generic-ssl-peer-name is a string following the standard IBM® WebSphere® MQ rules for SSLPEER values. See WebSphere MQ rules for SSLPEER values.
  • user is the user ID to be used for all connections using the specified DN.
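
The procedure above with concrete values, followed by a check of which record a given connection would match. This is an added example, not part of the original documentation. The channel name, DN, user IDs and IP address are constructed sample values, and the channel is assumed to be defined with a CipherSpec so that the partner presents a certificate.

```mqsc
* Added example: all names, DNs, user IDs and addresses are constructed.
* Lines that begin with an asterisk are MQSC comments.

* Prerequisite from "Before you begin".
ALTER QMGR CHLAUTH(ENABLED)

* Map every certificate whose DN has CN=app1 and O=ExampleCorp to the
* user ID app1usr on channel APP1.SVRCONN. A trailing plus sign
* continues the command on the next line.
SET CHLAUTH('APP1.SVRCONN') +
    TYPE(SSLPEERMAP) +
    SSLPEER('CN=app1,O=ExampleCorp') +
    USERSRC(MAP) +
    MCAUSER('app1usr')

* Confirm the record is stored as intended.
DISPLAY CHLAUTH('APP1.SVRCONN') TYPE(SSLPEERMAP) ALL

* Ask the queue manager which record an inbound connection with this
* full DN, address and client user ID would match at run time.
* MATCH(RUNCHECK) requires values that are not generic.
DISPLAY CHLAUTH('APP1.SVRCONN') +
    MATCH(RUNCHECK) +
    SSLPEER('CN=app1,O=ExampleCorp,C=GB') +
    ADDRESS('192.0.2.10') +
    CLNTUSER('clientuser')
```

The run-time check should return the SSLPEERMAP record with MCAUSER(app1usr). If it returns a different record, the DN pattern does not match this connection or another record applies.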