DEFINE AUTHINFO
Use DEFINE AUTHINFO to define an authentication information object. These objects contain the definitions required to perform Certificate Revocation List (CRL) checking using LDAP servers, except on OS/400 where these are defined by the Digital Certificate Manager for each Certification Authority.
Synonym: DEF AUTHINFO
Syntax (the syntax diagram rendered as plain text; the numbers in parentheses refer to the Notes below):
    DEFINE AUTHINFO(name) AUTHTYPE(CRLLDAP) CONNAME(string)
        [ CMDSCOPE(' ') | CMDSCOPE(qmgr-name) | CMDSCOPE(*) ]       CMDSCOPE (2); qmgr-name and * (3); default CMDSCOPE(' ')
        [ DESCR(string) ]                                          default DESCR(' ') (1)
        [ LDAPPWD(string) ]                                        default LDAPPWD(' ') (1)
        [ LDAPUSER(string) ]                                       default LDAPUSER(' ') (1)
        [ LIKE(authinfo-name) ]
        [ QSGDISP(QMGR) | QSGDISP(COPY) | QSGDISP(GROUP) ]          QSGDISP (2); GROUP (3); default QSGDISP(QMGR)
        [ NOREPLACE | REPLACE ]                                    default NOREPLACE
Notes:
- (1) This is the default supplied with WebSphere MQ, but your installation might have changed it.
- (2) Valid only on z/OS.
- (3) Valid only on full function WebSphere MQ for z/OS when the queue manager is a member of a queue-sharing group.
Parameter descriptions
The parameter descriptions also apply to the ALTER AUTHINFO command, with the following exceptions:
- The AUTHTYPE parameter applies only to the DEFINE AUTHINFO command.
- The LIKE parameter applies only to the DEFINE AUTHINFO command.
- The REPLACE and NOREPLACE parameters apply only to the DEFINE AUTHINFO command.
- name
- Name of the authentication information object. This is required.
The name must not be the same as any other authentication information object name currently defined on this queue manager (unless REPLACE or ALTER is specified). See Rules for naming WebSphere MQ objects.
- AUTHTYPE
- The type of authentication information. The value must be CRLLDAP, meaning that Certificate Revocation List checking is done using LDAP servers.
- CMDSCOPE
- This parameter applies to z/OS only and specifies how the command is executed when the queue manager is a member of a queue-sharing group.
CMDSCOPE must be blank, or the local queue manager, if QSGDISP is set to GROUP.
- ' '
- The command is executed on the queue manager on which it was entered. This is the default value.
- qmgr-name
- The command is executed on the queue manager you specify, providing the queue manager is active within the queue-sharing group.
You can specify a queue manager name other than the queue manager on which it was entered, only if you are using a shared queue environment and if the command server is enabled.
- *
- The command is executed on the local queue manager and is also passed to every active queue manager in the queue-sharing group. The effect of this is the same as entering the command on every queue manager in the queue-sharing group.
- CONNAME(string)
- The DNS name or IP address of the host on which the LDAP server is running, with an optional port number. This keyword is required.
The syntax for CONNAME is the same as for channels. For example:
conname('hostname(nnn)')
where nnn is the port number. If nnn is not provided, the default port number 389 is used.
The maximum length for the field is 264 characters on OS/400, UNIX systems, and Windows, and 48 characters on z/OS.
- DESCR(string)
- Plain-text comment. It provides descriptive information about the authentication information object when an operator issues the DISPLAY AUTHINFO command (see DISPLAY AUTHINFO).
It should contain only displayable characters. The maximum length is 64 characters. In a DBCS installation, it can contain DBCS characters (subject to a maximum length of 64 bytes).
- Note:
- If characters are used that are not in the coded character set identifier (CCSID) for this queue manager, they might be translated incorrectly if the information is sent to another queue manager.
- LDAPPWD(string)
- The password associated with the Distinguished Name of the user who is accessing the LDAP server.
Its maximum size is 32 characters. The default value is blank.
- LDAPUSER(string)
- The Distinguished Name of the user who is accessing the LDAP server. (See the SSLPEER parameter on page *** for more information about distinguished names.)
The maximum size for the user name is 1024 characters on OS/400, UNIX systems, and Windows, and 256 characters on z/OS.
The maximum accepted line length is defined to be BUFSIZ, which can be found in stdio.h.
If you use asterisks (*) in the user name they are treated as literal characters, and not as wild cards, because LDAPUSER is a specific name and not a string used for matching.
- LIKE(authinfo-name)
- The name of an authentication information object, whose parameters will be used to model this definition.
If this field is not filled in, and you do not complete the parameter fields related to the command, the values are taken from the default definition for an object of this type. This is equivalent to specifying LIKE(SYSTEM.DEFAULT.AUTHINFO.CRLLDAP).
A default authentication information object definition is provided, but it can be altered by the installation to the default values required. See Rules for naming WebSphere MQ objects.
On WebSphere MQ for z/OS, the queue manager searches page set zero for an object with the name you specify. The disposition of the LIKE object is not copied to the object you are defining.
- QSGDISP
- This parameter applies to z/OS only.
Specifies the disposition of the object to which you are applying the command (that is, where it is defined and how it behaves).
The effect of each QSGDISP value, for ALTER and for DEFINE, is as follows:
- COPY
- ALTER: The object definition resides on the page set of the queue manager that executes the command. The object was defined using a command that had the parameters QSGDISP(COPY). Any object residing in the shared repository, or any object defined using a command that had the parameters QSGDISP(QMGR), is not affected by this command.
DEFINE: The object is defined on the page set of the queue manager that executes the command using the QSGDISP(GROUP) object of the same name as the 'LIKE' object.
- GROUP
- ALTER: The object definition resides in the shared repository. The object was defined using a command that had the parameters QSGDISP(GROUP). Any object residing on the page set of the queue manager that executes the command (except a local copy of the object) is not affected by this command. If the command is successful, the following command is generated and sent to all active queue managers in the queue-sharing group so that they refresh local copies on page set zero:
DEFINE AUTHINFO(name) REPLACE QSGDISP(COPY)
DEFINE: The object definition resides in the shared repository. This is allowed only if the queue manager is in a queue-sharing group. If the definition is successful, the following command is generated and sent to all active queue managers in the queue-sharing group so that they make or refresh local copies on page set zero:
DEFINE AUTHINFO(name) REPLACE QSGDISP(COPY)
- PRIVATE
- ALTER: The object resides on the page set of the queue manager that executes the command, and was defined with QSGDISP(QMGR) or QSGDISP(COPY). Any object residing in the shared repository is unaffected.
DEFINE: Not permitted.
- QMGR
- ALTER: The object definition resides on the page set of the queue manager that executes the command. The object was defined using a command that had the parameters QSGDISP(QMGR). Any object residing in the shared repository, or any local copy of such an object, is not affected by this command. This is the default value.
DEFINE: The object is defined on the page set of the queue manager that executes the command. This is the default value.
- REPLACE and NOREPLACE
- Whether the existing definition (and on z/OS, with the same disposition) is to be replaced with this one. This is optional. The default is NOREPLACE. Any object with a different disposition is not changed.
- REPLACE
- The definition should replace any existing definition of the same name. If a definition does not exist, one is created.
- NOREPLACE
- The definition should not replace any existing definition of the same name.
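The following is an added example, not IBM's code and not part of this reference: a small Python helper that checks the CONNAME, DESCR, LDAPUSER and LDAPPWD values against the limits stated in the parameter descriptions above (CONNAME syntax with the default port 389, the per-platform maximum lengths, the 32-character LDAPPWD, the 64-character DESCR) and then emits the MQSC DEFINE AUTHINFO text. The platform keys "zos" and "distributed", the function names and the sample values are this example's own assumptions; the DBCS byte limit for DESCR depends on the queue manager CCSID and is not modelled. Note that the generated text carries LDAPPWD in the clear, so a script produced this way needs the same handling as any other file holding a credential.

```python
"""Build and validate a DEFINE AUTHINFO ... AUTHTYPE(CRLLDAP) MQSC command.

Added example, not IBM's code. The limits below are the ones the reference
page states for CONNAME, DESCR, LDAPUSER and LDAPPWD; the platform grouping
(z/OS versus OS/400, UNIX and Windows) follows the page as well.
"""
import re

# Maximum lengths per platform group, taken from the page: CONNAME is 48 on
# z/OS and 264 elsewhere; LDAPUSER is 256 on z/OS and 1024 elsewhere.
LIMITS = {
    "zos": {"CONNAME": 48, "LDAPUSER": 256},
    "distributed": {"CONNAME": 264, "LDAPUSER": 1024},  # OS/400, UNIX, Windows
}
DESCR_MAX = 64          # characters; DBCS byte limit depends on CCSID (not modelled)
LDAPPWD_MAX = 32
DEFAULT_LDAP_PORT = 389  # used when CONNAME carries no (port) suffix

# CONNAME uses channel syntax: a host name or address, optionally followed by
# a port in parentheses, e.g. ldap.example.com(389).
_CONNAME_RE = re.compile(r"^([^()\s']+)(?:\((\d{1,5})\))?$")


def parse_conname(conname):
    """Return (host, port) for a CONNAME value; the port defaults to 389."""
    m = _CONNAME_RE.match(conname.strip())
    if not m:
        raise ValueError("CONNAME must look like host or host(port): %r" % conname)
    host, port = m.group(1), m.group(2)
    port = int(port) if port else DEFAULT_LDAP_PORT
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    return host, port


def _quote(value):
    """MQSC string literal: single quotes, with embedded quotes doubled."""
    return "'" + value.replace("'", "''") + "'"


def build_define_authinfo(name, conname, ldapuser="", ldappwd="", descr="",
                          platform="distributed", replace=False):
    """Validate the attributes against the page's limits; return the MQSC text."""
    limits = LIMITS[platform]
    parse_conname(conname)  # syntax check only; raises on malformed input
    if len(conname) > limits["CONNAME"]:
        raise ValueError("CONNAME exceeds %d characters" % limits["CONNAME"])
    if len(ldapuser) > limits["LDAPUSER"]:
        raise ValueError("LDAPUSER exceeds %d characters" % limits["LDAPUSER"])
    if len(ldappwd) > LDAPPWD_MAX:
        raise ValueError("LDAPPWD exceeds %d characters" % LDAPPWD_MAX)
    if len(descr) > DESCR_MAX or not descr.isprintable():
        raise ValueError("DESCR must be displayable and at most %d characters" % DESCR_MAX)

    parts = ["DEFINE AUTHINFO(%s)" % name,
             "AUTHTYPE(CRLLDAP)",
             "CONNAME(%s)" % _quote(conname)]
    if ldapuser:
        # Asterisks in LDAPUSER are literal characters, not wildcards, so the
        # distinguished name is passed through unchanged.
        parts.append("LDAPUSER(%s)" % _quote(ldapuser))
    if ldappwd:
        parts.append("LDAPPWD(%s)" % _quote(ldappwd))
    if descr:
        parts.append("DESCR(%s)" % _quote(descr))
    parts.append("REPLACE" if replace else "NOREPLACE")
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed sample values, not from the page.
    print(build_define_authinfo("CRL.LDAP1", "ldap.example.com(389)",
                                ldapuser="cn=mqcrl,o=example",
                                ldappwd="example-only", replace=True))
```

The output is a single MQSC statement that can be fed to the queue manager's command interface; the z/OS path only differs in the tighter CONNAME and LDAPUSER limits, so passing platform="zos" is enough to catch a value that would be accepted on a distributed queue manager but rejected on z/OS.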
Usage Notes
- On OS/400, authentication information objects are only used for channels of type CLNTCONN through use of the AMQCLCHL.TAB. Certificates are defined by Digital Certificate Manager for each Certification Authority, and are verified against the LDAP servers.
WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.
IBM is a trademark of the IBM Corporation in the United States, other countries, or both.