The amqrspin
security exit shipped with MQ supports KERBEROS and NTLM. A channel can be defined to use the security exit as
define channel(ABC) chltype(SVRCONN) SCYEXIT('amqrspin(SCY_KERBEROS)') SCYDATA('domusr')
where 'domusr' is in the form DOMAIN\user. The secure channel is established only if the name of the remote principal matches 'domusr'. Here is some more information on amqrspin
security exit.