FreeKB - IBM MQ set chlauth command (allow connection to a channel whitelist)
IBM MQ - set chlauth command (allow connection to a channel whitelist)

Before adding authority to a channel, use the display chlauth command to view the current authority settings for the channel.

If the following is returned, the set chlauth command has not yet been used. In this scenario, you would use the set chlauth command to give the channel authority.

AMQ8884E: Channel authentication record not found.
One MQSC command read.
No commands have a syntax error.
One valid MQSC command could not be processed.

 

Let's say the display chlauth command returns the following. In this example, only requests comming from client01.example.com would be allowed.

CHLAUTH(CHANNEL01)                      TYPE(ADDRESSMAP)
DESCR(Allow access and use ID from channel)
CUSTOM( )                               ADDRESS(client01.example.com)
USERSRC(CHANNEL)                        CHCKCLNT(ASQMGR)
ALTDATE(2019-08-20)                     ALTTIME(07.09.01)

 

The set chlauth command will append authority to a channel. In this example, the channel is updated to allow connections from client02.example.com.

echo "set chlauth (MANAGER01.<channel name>.SVR) type (ADDRESSMAP) address ('client02.example.com') usersrc (CHANNEL)" | runmqsc MANAGER01

 

The display chlauth command should now return the following, where there are two blocks, one for client01.example.com and another for client02.example.com.

CHLAUTH(CHANNEL01)                      TYPE(ADDRESSMAP)
DESCR(Allow access and use ID from channel)
CUSTOM( )                               ADDRESS(client01.example.com)
USERSRC(CHANNEL)                        CHCKCLNT(ASQMGR)
ALTDATE(2019-08-20)                     ALTTIME(07.09.01)

CHLAUTH(CHANNEL01)                      TYPE(ADDRESSMAP)
DESCR(Allow access and use ID from channel)
CUSTOM( )                               ADDRESS(client02.example.com)
USERSRC(CHANNEL)                        CHCKCLNT(ASQMGR)
ALTDATE(2019-08-20)                     ALTTIME(07.09.01)

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter 6bbea in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |