IBM Support

CHLAUTH Made Simple: Common Scenarios and Examples and How to Verify them with RUNCHECK (rev3)

White paper


The objective of this technical document is to provide examples how to use CHLAUTH rules to better control access to your WebSphere MQ queue managers. Common problems caused by CHLAUTH rules are noted, along with examples of CHLAUTH rules to control access.


Table of Contents:

    Overview of CHLAUTH:
    Result of 3 default CHLAUTH rules:
    How to display CHLAUTH rules:
    Common connection errors which can be due to CHLAUTH rules:
    Best Practices for CHLAUTH:
    Work-around 1 - Disable CHLAUTH:
    Work-around 2 - Modify or Remove CHLAUTH rules:
    Testing access using MATCH (RUNCHECK):
    Resolve the issue by creating new CHLAUTH rules:
      Scenario 1: Control access for specific MQ-admin users
      Scenario 2: Control access for specific MQ client application
      Scenario 3: Control access for specific user via the user's certificate distinguished name (DN)
      Scenario 4: Mapping a particular user to the mqm user (extension of scenario 1)
      Scenario 5: Only allow access to a particular channel from a specific IP address range.
      Scenario 6: For a specific channel, Block all users, but allow specific users to connect.
      Scenario 7: Using CHLAUTH for RCVR (Receiver/Sender) channels
    MQ Explorer: Wizard to create CHLAUTH rules
    Additional Resources:

    Updated: Added Scenario 7: Using CHLAUTH for RCVR (Receiver/Sender) channels

Techdoc-7041997-3-CHLAUTH .pdfTechdoc-7041997-3-CHLAUTH .pdf

Document information

More support for: WebSphere MQ

Software version: 7.1, 7.5, 8.0

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows

Software edition: All Editions

Reference #: 7041997

Modified date: 06 April 2016