DISPLAY AUTHINFO
Use the MQSC command DISPLAY AUTHINFO to display the attributes of an authentication information object.
Use MQSC commands
For information on how we use MQSC commands, see Performing local administration tasks using MQSC commands.
We can issue this command from sources 2CR. For an explanation of the source symbols, see Use commands on z/OSĀ®.
Synonym: DIS AUTHINFODISPLAY AUTHINFO
Requested attrsNotes:- 1 Not valid on IBM MQ for z/OS.
- 2 Valid only when the queue manager is a member of a queue sharing group. We can use queue sharing groups only on IBM MQ for z/OS.
- 3 Valid only on z/OS.
- 4 Not valid on z/OS and AUTHENMD PAM value valid only on UNIX.
Parameter descriptions for DISPLAY AUTHINFO
- (generic-authentication-information-object-name)
- The name of the authentication information object to be displayed (see Rules for naming IBM MQ objects ). A trailing asterisk (*) matches all authentication information objects with the specified stem followed by zero or more characters. An asterisk (*) on its own specifies all authentication information objects.
- WHERE
-
Specify a filter
condition to display only those authentication information objects that satisfy the selection
criterion of the filter condition. The filter condition is in three parts:
filter-keyword, operator, and filter-value:
- filter-keyword
- Almost any parameter that can be used to display attributes for this DISPLAY command. However, we cannot use the CMDSCOPE or QSGDISP parameters as filter keywords.
- operator
- This is used to determine whether an authentication information object satisfies the filter
value on the given filter keyword. The operators are:
- LT
- Less than
- GT
- Greater than
- EQ
- Equal to
- NE
- Not equal to
- LE
- Less than or equal to
- GE
- Greater than or equal to
- LK
- Matches a generic string that you provide as a filter-value
- NL
- Does not match a generic string that you provide as a filter-value
- filter-value
- The value that the attribute value must be tested against using the operator. Depending on the
filter-keyword, this can be:
- An explicit value, that is a valid value for the attribute being tested.
We can use any of the operators except LK and NL.
- A generic value. This is a character string (such as the character string you supply for the
DESCR parameter) with an asterisk at the end, for example ABC*. The characters must be valid for the
attribute you are testing. If the operator is LK, all items where the attribute value begins with
the string (ABC in the example) are listed. If the operator is NL, all items where the attribute
value does not begin with the string are listed. We cannot use a generic filter-value with numeric
values. Only a single trailing wildcard character (asterisk) is permitted.
We can only use operators LK or NL for generic values on the DISPLAY AUTHINFO command.
- An explicit value, that is a valid value for the attribute being tested.
- ALL
-
Specify this to display all the parameters. If this parameter is specified, any
parameters that are requested specifically have no effect; all parameters are still displayed.
This is the default if we do not specify a generic name and do not request any specific parameters.
On z/OS this is also the default if you specify a filter condition using the WHERE parameter, but on other platforms only requested attributes are displayed.
- CMDSCOPE
-
This parameter applies to z/OS only and
specifies how the command runs when the queue manager is a member of a queue sharing group.
CMDSCOPE must be blank, or the local queue manager, if QSGDISP is set to GROUP.
- ' '
- The command runs on the queue manager on which it was entered. This is the default value.
- qmgr-name
- The command runs on the queue manager you specify, providing the queue manager is active within
the queue sharing group.
We can specify a queue manager name, other than the queue manager on which the command was entered, only if you are using a queue sharing group environment and if the command server is enabled.
- *
- The command runs on the local queue manager and is also passed to every active queue manager in the queue sharing group. The effect of this is the same as entering the command on every queue manager in the queue sharing group.
We cannot use CMDSCOPE as a filter keyword.
- AUTHTYPE
- Specifies the authentication information type of the objects for which information is to be
displayed. Values are:
- ALL
- This is the default value and displays information for objects defined with AUTHTYPE(CRLLDAP) and with AUTHTYPE(OCSP).
- CRLLDAP
- Displays information only for objects defined with AUTHTYPE(CRLLDAP).
- IDPWLDAP
- Displays information only for objects defined with AUTHTYPE(IDPWLDAP).
- IDPWOS
- Displays information only for objects defined with AUTHTYPE(IDPWOS).
- OCSP
- Displays information only for objects defined with AUTHTYPE(OCSP).
- QSGDISP
-
Specifies the disposition of the objects for which information is to be displayed.
Values are:
- LIVE
- This is the default value and displays information for objects defined with QSGDISP(QMGR) or QSGDISP(COPY).
- ALL
- Displays information for objects defined with QSGDISP(QMGR) or QSGDISP(COPY).
If there is a shared queue manager environment, and the command is being executed on the queue manager where it was issued, this option also displays information for objects defined with QSGDISP(GROUP).
If QSGDISP(LIVE) is specified or defaulted, or if QSGDISP(ALL) is specified in a shared queue manager environment, the command might give duplicated names (with different dispositions).
- COPY
- Displays information only for objects defined with QSGDISP(COPY).
- GROUP
- Displays information only for objects defined with QSGDISP(GROUP). This is allowed only if there is a shared queue manager environment.
- PRIVATE
- Displays information for objects defined with QSGDISP(QMGR) or QSGDISP(COPY). Note that QSGDISP(PRIVATE) displays the same information as QSGDISP(LIVE).
- QMGR
- Displays information only for objects defined with QSGDISP(QMGR).
QSGDISP displays one of the following values:
- QMGR
- The object was defined with QSGDISP(QMGR).
- GROUP
- The object was defined with QSGDISP(GROUP).
- COPY
- The object was defined with QSGDISP(COPY).
We cannot use QSGDISP as a filter keyword.
Requested parameters
Specify one or more parameters that define the data to be displayed. The parameters can be specified in any order, but do not specify the same parameter more than once.
The default, if no parameters are specified (and the ALL parameter is not specified) is that the object names and their AUTHTYPEs, and, on z/OS, their QSGDISPs, are displayed.
- ADOPTCTX
- Displays the presented credentials as the context for this application.
- ALTDATE
- The date on which the definition was last altered, in the form yyyy-mm-dd
- ALTTIME
- The time at which the definition was last altered, in the form hh.mm.ss
- AUTHENMD
- Authentication method. Possible values are:
- OS
- Displays the traditional UNIX password verification method permissions.
- PAM
- Displays the Pluggable Authentication Method permissions.
We can set the PAM value only on UNIX and Linux platforms.
- AUTHORMD
- Displays the authorization method. Possible values are:
- OS
- Use operating system groups to determine permissions associated with a user.
- SEARCHGRP
- A group entry in the LDAP repository contains an attribute listing the Distinguished Name of all users belonging to that group.
- SEARCHUSR
- A user entry in the LDAP repository contains an attribute listing the Distinguished Name of all the groups to which the specified user belongs.
- SRCHGRPSN
- A group entry in the LDAP repository contains an attribute listing the short user name of all users belonging to that group.
- AUTHTYPE
- The type of the authentication information
- BASEDNG
- Displays the Base DN for groups.
- BASEDNU
- Displays the base distinguished name to search for users within the LDAP server.
- CHCKLOCL or CHCKCLNT
- These attributes are valid only for an AUTHTYPE of
IDPWOS or IDPWLDAP. The possible values are:
- NONE
- Displays all locally bound applications that have no user ID and password authentication.
- OPTIONAL
- Displays the user IDs and passwords provided by an application. Note that it is not mandatory to provide these attributes. This option might be useful during migration, for example.
- REQUIRED
- Displays all applications providing a valid user ID and password.
- REQDADM
- Displays privileged users supplying a valid user ID and password, Non-privileged users are treated as with the OPTIONAL setting. See also the following note. (This setting is not allowed on z/OS systems.)
- CLASSGRP
- Displays the LDAP object class for group records.
- CLASSUSR
- Displays the LDAP object class for user records within the LDAP repository.
- CONNAME
- The host name, IPv4 dotted decimal address, or IPv6 hexadecimal notation of the host on which the LDAP server is running. Applies only to objects with AUTHTYPE(CRLLDAP) or AUTHTYPE(IDPWLDAP).
- DESCR
- Description of the authentication information object.
- FAILDLAY
- Delay in seconds before an authentication failure is returned to an application.
- FINDGRP
- Displays the name of the attribute within an LDAP entry to determine group membership.
- GRPFIELD
- Displays the LDAP attribute that represents a simple name for the group.
- LDAPPWD
- Password associated with the Distinguished Name of the user on the LDAP server. If nonblank, this is displayed as asterisks on all platforms except z/OS. Applies only to objects with AUTHTYPE(CRLLDAP) or AUTHTYPE(IDPWLDAP).
- LDAPUSER
- Distinguished Name of the user on the LDAP server. Applies only to objects with AUTHTYPE(CRLLDAP) or AUTHTYPE(IDPWLDAP).
- NESTGRP
- Displays whether a group is a member of another group..
- OCSPURL
- The URL of the OCSP responder used to check for certificate revocation. Applies only to objects with AUTHTYPE(OCSP).
- SECCOMM
- Displays the method used to connect the LDAP server.
- SHORTUSR
- Displays the user record being used as a short name.
- USRFIELD
- Displays the user record being used in the LDAP user record, only if the user ID does not contain a qualifier.
See Usage notes for DEFINE AUTHINFO for more information about individual parameters.