ibm-mq websphere-mq-fte websphere-mq-ams

On AIX and Linux, an MQ MFT agent runs as the user mqm by default - how to specify a different user


On AIX and Linux, MQ MFT agent files are all owned by mqm, and subsequently the agent processes run as mqm in the process list. In addition, when the agent connects to an MQ Manager, the connection user is mqm. Due to security - I would like to have a different user appear in the connections to the MQ manager. Is there a way to run an MQ MFT agent as the mqm user, but the outbound connections to the MQ Manager are done as a different user, for example mqmftuser001, rather than mqm?


Solution

  • You can use the MQMFTCredentials.xml file to map a local user to mquserid for connecting to the agent queue manager. For example:

     <tns:qmgr name="MFTQM" user="localuser" mqUserId="mqagentuser" mqPassword="Password" useMQCSPAuthentication="true"/>

    The file needs to be placed in a secure folder where no user other than the one that starts the agent has access permissions. Generally it will be the user's home directory, $HOME.

    You can override the default credential path by setting the agent property agentQMgrAuthenticationCredentialsFile. The path specified for the property must be secure as mentioned before.
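
The permission requirement described in the answer can be checked before the agent is started. The script below is an added example, not part of the original answer and not an IBM MQ command; the function names are hypothetical, and it assumes the usual AIX/Linux `ls -l` column layout. Pass it the path of the credentials file (the default location or the one set in agentQMgrAuthenticationCredentialsFile).

```shell
#!/bin/sh
# Added example: verify that a credentials file and the folder holding it
# are owned by, and accessible only to, the user who starts the agent.
# All function names are hypothetical helpers, not MQ tooling.

mode_is_private() {
    # Columns 5-10 of the ls -l mode string are the group and other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

owned_by_me() {
    # Field 3 of `ls -ldn` is the numeric uid of the owner.
    owner=$(ls -ldn "$1" | awk '{print $3}')
    [ "$owner" = "$(id -u)" ]
}

check_mft_credentials() {
    # Returns 0 if file and folder are private, 1 if not, 2 if the file is missing.
    cred_file=$1
    cred_dir=$(dirname "$cred_file")
    status=0
    [ -f "$cred_file" ] || { echo "missing: $cred_file"; return 2; }
    for p in "$cred_file" "$cred_dir"; do
        owned_by_me "$p" || { echo "not owned by $(id -un): $p"; status=1; }
        mode_is_private "$p" || { echo "group/other access allowed: $p"; status=1; }
    done
    return $status
}

# Stand-alone use: sh check_creds.sh /path/to/MQMFTCredentials.xml
if [ $# -gt 0 ]; then
    check_mft_credentials "$1"
fi
```

A non-zero result is typically fixed with `chmod 700` on the folder and `chmod 600` on the file, run as the user who starts the agent.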