DISPLAY AUTHINFO

• ¹ Not valid on IBM MQ for z/OS.
• ² Valid only when the queue manager is a member of a queue sharing group. We can use queue sharing groups only on IBM MQ for z/OS.
• ³ Valid only on z/OS.
• ⁴ Not valid on z/OS and AUTHENMD PAM value valid only on UNIX.

Parameter descriptions for DISPLAY AUTHINFO

(generic-authentication-information-object-name)

The name of the authentication information object to be displayed (see Rules for naming IBM MQ objects ). A trailing asterisk (*) matches all authentication information objects with the specified stem followed by zero or more characters. An asterisk (*) on its own specifies all authentication information objects.

WHERE

Specify a filter condition to display only those authentication information objects that satisfy the selection criterion of the filter condition. The filter condition is in three parts: filter-keyword, operator, and filter-value:

filter-keyword

Almost any parameter that can be used to display attributes for this DISPLAY command. However, we cannot use the CMDSCOPE or QSGDISP parameters as filter keywords.

operator

This is used to determine whether an authentication information object satisfies the filter value on the given filter keyword. The operators are:

LT

Less than

GT

Greater than

EQ

Equal to

NE

Not equal to

LE

Less than or equal to

GE

Greater than or equal to

LK

Matches a generic string that you provide as a filter-value

NL

Does not match a generic string that you provide as a filter-value

filter-value

The value that the attribute value must be tested against using the operator. Depending on the filter-keyword, this can be:

• An explicit value, that is a valid value for the attribute being tested.

  We can use any of the operators except LK and NL.

• A generic value. This is a character string (such as the character string you supply for the DESCR parameter) with an asterisk at the end, for example ABC*. The characters must be valid for the attribute you are testing. If the operator is LK, all items where the attribute value begins with the string (ABC in the example) are listed. If the operator is NL, all items where the attribute value does not begin with the string are listed. We cannot use a generic filter-value with numeric values. Only a single trailing wildcard character (asterisk) is permitted.

  We can only use operators LK or NL for generic values on the DISPLAY AUTHINFO command.

ALL

Specify this to display all the parameters. If this parameter is specified, any parameters that are requested specifically have no effect; all parameters are still displayed.

This is the default if we do not specify a generic name and do not request any specific parameters.

On z/OS this is also the default if you specify a filter condition using the WHERE parameter, but on other platforms only requested attributes are displayed.

CMDSCOPE

This parameter applies to z/OS only and specifies how the command runs when the queue manager is a member of a queue sharing group. CMDSCOPE must be blank, or the local queue manager, if QSGDISP is set to GROUP.

' '

The command runs on the queue manager on which it was entered. This is the default value.

qmgr-name

The command runs on the queue manager you specify, providing the queue manager is active within the queue sharing group.

We can specify a queue manager name, other than the queue manager on which the command was entered, only if you are using a queue sharing group environment and if the command server is enabled.

*

The command runs on the local queue manager and is also passed to every active queue manager in the queue sharing group. The effect of this is the same as entering the command on every queue manager in the queue sharing group.

We cannot use CMDSCOPE as a filter keyword.

AUTHTYPE

Specifies the authentication information type of the objects for which information is to be displayed. Values are:

ALL

This is the default value and displays information for objects defined with AUTHTYPE(CRLLDAP) and with AUTHTYPE(OCSP).

CRLLDAP

Displays information only for objects defined with AUTHTYPE(CRLLDAP).

IDPWLDAP

Displays information only for objects defined with AUTHTYPE(IDPWLDAP).

IDPWOS

Displays information only for objects defined with AUTHTYPE(IDPWOS).

OCSP

Displays information only for objects defined with AUTHTYPE(OCSP).

QSGDISP

Specifies the disposition of the objects for which information is to be displayed. Values are:

LIVE

This is the default value and displays information for objects defined with QSGDISP(QMGR) or QSGDISP(COPY).

ALL

Displays information for objects defined with QSGDISP(QMGR) or QSGDISP(COPY).

If there is a shared queue manager environment, and the command is being executed on the queue manager where it was issued, this option also displays information for objects defined with QSGDISP(GROUP).

If QSGDISP(LIVE) is specified or defaulted, or if QSGDISP(ALL) is specified in a shared queue manager environment, the command might give duplicated names (with different dispositions).

COPY

Displays information only for objects defined with QSGDISP(COPY).

GROUP

Displays information only for objects defined with QSGDISP(GROUP). This is allowed only if there is a shared queue manager environment.

PRIVATE

Displays information for objects defined with QSGDISP(QMGR) or QSGDISP(COPY). Note that QSGDISP(PRIVATE) displays the same information as QSGDISP(LIVE).

QMGR

Displays information only for objects defined with QSGDISP(QMGR).

QSGDISP displays one of the following values:

QMGR

The object was defined with QSGDISP(QMGR).

GROUP

The object was defined with QSGDISP(GROUP).

COPY

The object was defined with QSGDISP(COPY).

We cannot use QSGDISP as a filter keyword.

Requested parameters

Specify one or more parameters that define the data to be displayed. The parameters can be specified in any order, but do not specify the same parameter more than once.

ADOPTCTX

Displays the presented credentials as the context for this application.

ALTDATE

The date on which the definition was last altered, in the form yyyy-mm-dd

ALTTIME

The time at which the definition was last altered, in the form hh.mm.ss

AUTHENMD

Authentication method. Possible values are:

OS

Displays the traditional UNIX password verification method permissions.

PAM

Displays the Pluggable Authentication Method permissions.

We can set the PAM value only on UNIX and Linux platforms.

AUTHORMD

Displays the authorization method. Possible values are:

OS

Use operating system groups to determine permissions associated with a user.

SEARCHGRP

A group entry in the LDAP repository contains an attribute listing the Distinguished Name of all users belonging to that group.

SEARCHUSR

A user entry in the LDAP repository contains an attribute listing the Distinguished Name of all the groups to which the specified user belongs.

SRCHGRPSN

A group entry in the LDAP repository contains an attribute listing the short user name of all users belonging to that group.

AUTHTYPE

The type of the authentication information

BASEDNG

Displays the Base DN for groups.

BASEDNU

Displays the base distinguished name to search for users within the LDAP server.

CHCKLOCL or CHCKCLNT

These attributes are valid only for an AUTHTYPE of IDPWOS or IDPWLDAP. The possible values are:

NONE

Displays all locally bound applications that have no user ID and password authentication.

OPTIONAL

Displays the user IDs and passwords provided by an application. Note that it is not mandatory to provide these attributes. This option might be useful during migration, for example.

REQUIRED

Displays all applications providing a valid user ID and password.

REQDADM

Displays privileged users supplying a valid user ID and password, Non-privileged users are treated as with the OPTIONAL setting. See also the following note. (This setting is not allowed on z/OS systems.)

CLASSGRP

Displays the LDAP object class for group records.

CLASSUSR

Displays the LDAP object class for user records within the LDAP repository.

CONNAME

The host name, IPv4 dotted decimal address, or IPv6 hexadecimal notation of the host on which the LDAP server is running. Applies only to objects with AUTHTYPE(CRLLDAP) or AUTHTYPE(IDPWLDAP).

DESCR

Description of the authentication information object.

FAILDLAY

Delay in seconds before an authentication failure is returned to an application.

FINDGRP

Displays the name of the attribute within an LDAP entry to determine group membership.

GRPFIELD

Displays the LDAP attribute that represents a simple name for the group.

LDAPPWD

Password associated with the Distinguished Name of the user on the LDAP server. If nonblank, this is displayed as asterisks on all platforms except z/OS. Applies only to objects with AUTHTYPE(CRLLDAP) or AUTHTYPE(IDPWLDAP).

LDAPUSER

Distinguished Name of the user on the LDAP server. Applies only to objects with AUTHTYPE(CRLLDAP) or AUTHTYPE(IDPWLDAP).

NESTGRP

Displays whether a group is a member of another group..

OCSPURL

The URL of the OCSP responder used to check for certificate revocation. Applies only to objects with AUTHTYPE(OCSP).

SECCOMM

Displays the method used to connect the LDAP server.

SHORTUSR

Displays the user record being used as a short name.

USRFIELD

Displays the user record being used in the LDAP user record, only if the user ID does not contain a qualifier.

See Usage notes for DEFINE AUTHINFO for more information about individual parameters.