DISPLAY AUTHINFO

Use the MQSC command DISPLAY AUTHINFO to display the attributes of an authentication information object.


Use MQSC commands

For information on how we use MQSC commands, see Performing local administration tasks using MQSC commands.

We can issue this command from sources 2CR. For an explanation of the source symbols, see Use commands on z/OS®.

Synonym: DIS AUTHINFO

DISPLAY AUTHINFO

DISPLAY AUTHINFO ( generic-authentication-information-object-name ) WHERE(FilterCondition)
  • ALL
  • AUTHTYPE(ALL) | AUTHTYPE(CRLLDAP) | AUTHTYPE(IDPWLDAP) (1) | AUTHTYPE(IDPWOS) | AUTHTYPE(OCSP)
  • CMDSCOPE(' ') | CMDSCOPE(qmgr-name) (2) | CMDSCOPE(*) (2); whole CMDSCOPE parameter (3)
  • QSGDISP(LIVE) | QSGDISP(ALL) | QSGDISP(QMGR) | QSGDISP(COPY) | QSGDISP(GROUP) (2) | QSGDISP(PRIVATE); whole QSGDISP parameter (3)
  • Requested attrs
  • Requested attrs: ADOPTCTX, ALTDATE, ALTTIME, AUTHENMD (4), AUTHORMD, AUTHTYPE, BASEDNG, BASEDNU, CHCKCLNT, CHCKLOCL, CLASSGRP, CLASSUSR, CONNAME, DESCR, FAILDLAY, FINDGRP, GRPFIELD, LDAPPWD, LDAPUSER, NESTGRP, OCSPURL, SECCOMM, SHORTUSR, USRFIELD
  • Notes:

    • 1 Not valid on IBM MQ for z/OS.
    • 2 Valid only when the queue manager is a member of a queue sharing group. We can use queue sharing groups only on IBM MQ for z/OS.
    • 3 Valid only on z/OS.
    • 4 Not valid on z/OS; the AUTHENMD value PAM is valid only on UNIX.


    Parameter descriptions for DISPLAY AUTHINFO

      (generic-authentication-information-object-name)
      The name of the authentication information object to be displayed (see Rules for naming IBM MQ objects). A trailing asterisk (*) matches all authentication information objects with the specified stem followed by zero or more characters. An asterisk (*) on its own specifies all authentication information objects.

      WHERE
      Specify a filter condition to display only those authentication information objects that satisfy the selection criterion of the filter condition. The filter condition is in three parts: filter-keyword, operator, and filter-value:

        filter-keyword
        Almost any parameter that can be used to display attributes for this DISPLAY command. However, we cannot use the CMDSCOPE or QSGDISP parameters as filter keywords.
        operator
        This is used to determine whether an authentication information object satisfies the filter value on the given filter keyword. The operators are:

          LT
          Less than

          GT
          Greater than

          EQ
          Equal to

          NE
          Not equal to

          LE
          Less than or equal to

          GE
          Greater than or equal to

          LK
          Matches a generic string that you provide as a filter-value

          NL
          Does not match a generic string that you provide as a filter-value

        filter-value
        The value that the attribute value must be tested against using the operator. Depending on the filter-keyword, this can be:

        • An explicit value, that is a valid value for the attribute being tested.

          We can use any of the operators except LK and NL.

        • A generic value. This is a character string (such as the character string you supply for the DESCR parameter) with an asterisk at the end, for example ABC*. The characters must be valid for the attribute you are testing. If the operator is LK, all items where the attribute value begins with the string (ABC in the example) are listed. If the operator is NL, all items where the attribute value does not begin with the string are listed. We cannot use a generic filter-value with numeric values. Only a single trailing wildcard character (asterisk) is permitted.

          We can only use operators LK or NL for generic values on the DISPLAY AUTHINFO command.

      ALL
      Specify this to display all the parameters. If this parameter is specified, any parameters that are requested specifically have no effect; all parameters are still displayed.

      This is the default if we do not specify a generic name and do not request any specific parameters.

      On z/OS this is also the default if you specify a filter condition using the WHERE parameter, but on other platforms only requested attributes are displayed.

      CMDSCOPE
      This parameter applies to z/OS only and specifies how the command runs when the queue manager is a member of a queue sharing group. CMDSCOPE must be blank, or the local queue manager, if QSGDISP is set to GROUP.

        ' '
        The command runs on the queue manager on which it was entered. This is the default value.

        qmgr-name
        The command runs on the queue manager you specify, providing the queue manager is active within the queue sharing group.

        We can specify a queue manager name, other than the queue manager on which the command was entered, only if we are using a queue sharing group environment and if the command server is enabled.

        *
        The command runs on the local queue manager and is also passed to every active queue manager in the queue sharing group. The effect of this is the same as entering the command on every queue manager in the queue sharing group.

      We cannot use CMDSCOPE as a filter keyword.

      AUTHTYPE
      Specifies the authentication information type of the objects for which information is to be displayed. Values are:

        ALL
        This is the default value and displays information for objects defined with AUTHTYPE(CRLLDAP) and with AUTHTYPE(OCSP).
        CRLLDAP
        Displays information only for objects defined with AUTHTYPE(CRLLDAP).
        IDPWLDAP
        Displays information only for objects defined with AUTHTYPE(IDPWLDAP).
        IDPWOS
        Displays information only for objects defined with AUTHTYPE(IDPWOS).
        OCSP
        Displays information only for objects defined with AUTHTYPE(OCSP).

      QSGDISP
      Specifies the disposition of the objects for which information is to be displayed. Values are:

        LIVE
        This is the default value and displays information for objects defined with QSGDISP(QMGR) or QSGDISP(COPY).

        ALL
        Displays information for objects defined with QSGDISP(QMGR) or QSGDISP(COPY).

        If there is a shared queue manager environment, and the command is being executed on the queue manager where it was issued, this option also displays information for objects defined with QSGDISP(GROUP).

        If QSGDISP(LIVE) is specified or defaulted, or if QSGDISP(ALL) is specified in a shared queue manager environment, the command might give duplicated names (with different dispositions).

        COPY
        Displays information only for objects defined with QSGDISP(COPY).

        GROUP
        Displays information only for objects defined with QSGDISP(GROUP). This is allowed only if there is a shared queue manager environment.

        PRIVATE
        Displays information for objects defined with QSGDISP(QMGR) or QSGDISP(COPY). Note that QSGDISP(PRIVATE) displays the same information as QSGDISP(LIVE).

        QMGR
        Displays information only for objects defined with QSGDISP(QMGR).

      QSGDISP displays one of the following values:

        QMGR
        The object was defined with QSGDISP(QMGR).

        GROUP
        The object was defined with QSGDISP(GROUP).

        COPY
        The object was defined with QSGDISP(COPY).

      We cannot use QSGDISP as a filter keyword.


    Requested parameters

    Specify one or more parameters that define the data to be displayed. The parameters can be specified in any order, but do not specify the same parameter more than once.

    The default, if no parameters are specified (and the ALL parameter is not specified) is that the object names and their AUTHTYPEs, and, on z/OS, their QSGDISPs, are displayed.

      ADOPTCTX
      Displays the presented credentials as the context for this application.

      ALTDATE
      The date on which the definition was last altered, in the form yyyy-mm-dd.

      ALTTIME
      The time at which the definition was last altered, in the form hh.mm.ss.

      AUTHENMD
      Authentication method. Possible values are:

        OS
        Displays the traditional UNIX password verification method permissions.
        PAM
        Displays the Pluggable Authentication Method permissions.

        We can set the PAM value only on UNIX and Linux platforms.

      AUTHORMD
      Displays the authorization method. Possible values are:

        OS
        Use operating system groups to determine permissions associated with a user.

        SEARCHGRP
        A group entry in the LDAP repository contains an attribute listing the Distinguished Name of all users belonging to that group.

        SEARCHUSR
        A user entry in the LDAP repository contains an attribute listing the Distinguished Name of all the groups to which the specified user belongs.

        SRCHGRPSN
        A group entry in the LDAP repository contains an attribute listing the short user name of all users belonging to that group.

      AUTHTYPE
      The type of the authentication information.

      BASEDNG
      Displays the Base DN for groups.

      BASEDNU
      Displays the base distinguished name to search for users within the LDAP server.

      CHCKLOCL or CHCKCLNT
      These attributes are valid only for an AUTHTYPE of IDPWOS or IDPWLDAP. The possible values are:

        NONE
        Displays all locally bound applications that have no user ID and password authentication.

        OPTIONAL
        Displays the user IDs and passwords provided by an application. Note that it is not mandatory to provide these attributes. This option might be useful during migration, for example.

        REQUIRED
        Displays all applications providing a valid user ID and password.

        REQDADM
        Displays privileged users supplying a valid user ID and password. Non-privileged users are treated as with the OPTIONAL setting. See also the following note. (This setting is not allowed on z/OS systems.)

      CLASSGRP
      Displays the LDAP object class for group records.

      CLASSUSR
      Displays the LDAP object class for user records within the LDAP repository.

      CONNAME
      The host name, IPv4 dotted decimal address, or IPv6 hexadecimal notation of the host on which the LDAP server is running. Applies only to objects with AUTHTYPE(CRLLDAP) or AUTHTYPE(IDPWLDAP).

      DESCR
      Description of the authentication information object.

      FAILDLAY
      Delay in seconds before an authentication failure is returned to an application.

      FINDGRP
      Displays the name of the attribute within an LDAP entry to determine group membership.

      GRPFIELD
      Displays the LDAP attribute that represents a simple name for the group.

      LDAPPWD
      Password associated with the Distinguished Name of the user on the LDAP server. If nonblank, this is displayed as asterisks on all platforms except z/OS. Applies only to objects with AUTHTYPE(CRLLDAP) or AUTHTYPE(IDPWLDAP).

      LDAPUSER
      Distinguished Name of the user on the LDAP server. Applies only to objects with AUTHTYPE(CRLLDAP) or AUTHTYPE(IDPWLDAP).

      NESTGRP
      Displays whether a group is a member of another group.

      OCSPURL
      The URL of the OCSP responder used to check for certificate revocation. Applies only to objects with AUTHTYPE(OCSP).

      SECCOMM
      Displays the method used to connect to the LDAP server.

      SHORTUSR
      Displays the user record being used as a short name.

      USRFIELD
      Displays the user record being used in the LDAP user record, only if the user ID does not contain a qualifier.

    See Usage notes for DEFINE AUTHINFO for more information about individual parameters.
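
The requested parameters above are the ones a configuration review reads. As an added example (not part of the IBM documentation), the following Python parses DISPLAY AUTHINFO output and flags settings worth questioning. The KEY(VALUE) output layout, the sample objects, the SECCOMM(NO) and ADOPTCTX(NO) values (defined under DEFINE AUTHINFO, not listed on this page) and the review policy itself are assumptions.

```python
import re

# Constructed sample in the KEY(VALUE) layout assumed for runmqsc output; all names invented.
SAMPLE = """\
AMQ8566I: Display authentication information details.
   AUTHINFO(APP.IDPWOS)                    AUTHTYPE(IDPWOS)
   ADOPTCTX(NO)                            DESCR( )
   CHCKCLNT(OPTIONAL)                      CHCKLOCL(NONE)
   FAILDLAY(0)                             AUTHENMD(OS)
AMQ8566I: Display authentication information details.
   AUTHINFO(CORP.LDAP)                     AUTHTYPE(IDPWLDAP)
   ADOPTCTX(YES)                           DESCR(Corporate LDAP (prod))
   CONNAME(ldap.example.com(636))          CHCKCLNT(REQUIRED)
   CHCKLOCL(OPTIONAL)                      SECCOMM(YES)
   FAILDLAY(1)                             LDAPPWD(********)
"""

# KEY(VALUE), allowing one level of nested parentheses as in CONNAME(host(port)).
PAIR = re.compile(r"([A-Z]+)\(((?:[^()]|\([^()]*\))*)\)")

def parse_authinfo(text):
    """Return one dict of attributes per AUTHINFO object in the output."""
    objects = []
    for key, value in PAIR.findall(text):
        if key == "AUTHINFO":          # each object starts with its name
            objects.append({})
        if objects:
            objects[-1][key] = value.strip()
    return objects

def audit(obj):
    """Flag settings a reviewer would question (this policy is an assumption)."""
    findings = []
    if obj.get("AUTHTYPE") not in ("IDPWOS", "IDPWLDAP"):
        return findings                # CHCKCLNT/CHCKLOCL apply only to these types
    for attr in ("CHCKCLNT", "CHCKLOCL"):
        if obj.get(attr) in ("NONE", "OPTIONAL"):
            findings.append(f"{attr}({obj[attr]}): credentials not mandatory")
    if obj.get("ADOPTCTX") == "NO":
        findings.append("ADOPTCTX(NO): validated user ID is not adopted as context")
    if obj.get("FAILDLAY") == "0":
        findings.append("FAILDLAY(0): no delay after a failed authentication")
    if obj.get("AUTHTYPE") == "IDPWLDAP" and obj.get("SECCOMM") == "NO":
        findings.append("SECCOMM(NO): LDAP connection is not secured")
    return findings

def report(text):
    """Map each object name to its list of findings."""
    return {o["AUTHINFO"]: audit(o) for o in parse_authinfo(text)}
```

Calling `report()` on captured command output gives a per-object list of findings; an empty list means none of the assumed checks fired.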