Home

 

Optional parameters

 

CommandScope (MQCFST)

Command scope (parameter identifier: MQCACF_COMMAND_SCOPE). This parameter applies to z/OS only.

Specifies how the command is executed when the queue manager is a member of a queue-sharing group. We can specify one of the following:

  • blank (or omit the parameter altogether). The command is executed on the queue manager on which it was entered.

  • a queue manager name. The command is executed on the queue manager you specify, providing it is active within the queue sharing group. If you specify a queue manager name other than the queue manager on which it was entered, be using a queue-sharing group environment, and the command server must be enabled.

  • an asterisk (*). The command is executed on the local queue manager and is also passed to every active queue manager in the queue-sharing group.

The maximum length is MQ_QSG_NAME_LENGTH.

SecurityItem (MQCFIN)

Resource class for which the security refresh is to be performed (parameter identifier: MQIACF_SECURITY_ITEM). This parameter applies to z/OS only.

Use this to specify the resource class for which the security refresh is to be performed. The value can be:

MQSECITEM_ALL

A full refresh of the type specified is performed. This is the default value.

MQSECITEM_MQADMIN

Specifies that Administration type resources are to be refreshed. Valid only if the value of SecurityType is MQSECTYPE_CLASSES..

MQSECITEM_MQNLIST

Specifies that Namelist resources are to be refreshed. Valid only if the value of SecurityType is MQSECTYPE_CLASSES.

MQSECITEM_MQPROC

Specifies that Process resources are to be refreshed. Valid only if the value of SecurityType is MQSECTYPE_CLASSES.

MQSECITEM_MQQUEUE

Specifies that Queue resources are to be refreshed. Valid only if the value of SecurityType is MQSECTYPE_CLASSES.

SecurityType (MQCFIN)

Security type (parameter identifier: MQIACF_SECURITY_TYPE).

Use this to specify the type of security refresh to be performed. The value can be:

MQSECTYPE_AUTHSERV

The list of authorizations held internally by the authorization services component is refreshed. This is not valid on z/OS.

This is the default on platforms other than z/OS.

MQSECTYPE_CLASSES

Permits you to select specific resource classes for which to perform the security refresh.

This is valid only on z/OS where it is the default.

MQSECTYPE_SSL

This refreshes the locations of:

  • The LDAP servers to be used for Certified Revocation Lists

  • The key repository

as well as any cryptographic hardware parameters specified through WebSphere MQ. It also refreshes the cached view of the Secure Sockets Layer key repository and allows updates to become effective on successful completion of the command.

This updates all SSL channels currently running, as follows:

  • Sender, server and cluster-sender channels using SSL are allowed to complete the current batch. In general, they then run the SSL handshake again with the refreshed view of the SSL key repository. However, manually restart a requester-server channel on which the server definition has no CONNAME parameter.

  • All other channel types using SSL are stopped with a STOP CHANNEL MODE(FORCE) STATUS(INACTIVE) command. If the partner end of the stopped MCA channel has retry values defined, the channel retries and the new SSL handshake uses the refreshed view of the contents of the SSL key repository, the location of the LDAP server to be used for Certification Revocation Lists, and the location of the key repository. In the case of a server-connection channel, the client application loses its connection to the queue manager and has to reconnect in order to continue.

 

Parent topic:

Refresh Security


pc13740_


 

Home