Authenticators are invoked by security attributes. Therefore, how and when they are used is determined by the specific implementation of an attribute. One main usage of authenticators is for controlling access to queues in queue-based security. Authenticators can be used in queue-based security to control access to queues. MQe provides a certificate authenticator as part of its base code, com.ibm.mqe.attributes.MQeWTLSCertAuthenticator. There are some Java™ example authenticators, in the examples.attributes directory, which are based on user names and passwords. There is also a C example, WinCEAuthenticator, in the examples\src\WinCEAuthenticator directory. In addition to these, MQe allows you to write your own authenticator.
In queue-based security, authenticators are activated when a queue is first accessed and they can grant or deny access to the queue. When a queue is accessed from its local queue manager, the authenticator is activated when the first operation, for example put, get , or browse is performed on the queue. When a queue is accessed from a remote queue manager, MQe establishes a channel between the two queue managers and the authenticator is activated as part of establishing the channel.