Inquire Authentication Information Object

The Inquire authentication information object (MQCMD_INQUIRE_AUTH_INFO) command inquires about the attributes of authentication information objects.


Required parameters

    AuthInfoName (MQCFST)
    Authentication information object name (parameter identifier: MQCA_AUTH_INFO_NAME).

    Specifies the name of the authentication information object about which information is to be returned.

    Generic authentication information object names are supported. A generic name is a character string followed by an asterisk (*), for example ABC*, and it selects all authentication information objects having names that start with the selected character string. An asterisk on its own matches all possible names.

    The maximum length of the string is MQ_AUTH_INFO_NAME_LENGTH.


Optional parameters

    AuthInfoAttrs (MQCFIL)
    Authentication information object attributes (parameter identifier: MQIACF_AUTH_INFO_ATTRS). The attribute list can specify the following value - the default value if the parameter is not specified):

      MQIACF_ALL
      All attributes.

    or a combination of the following:

      MQIA_ADOPT_CONTEXT
      Adopt the presented credentials as the context for the application.

      MQCA_ALTERATION_DATE
      Date on which the definition was last altered.

      MQCA_ALTERATION_TIME
      Time at which the definition was last altered.

      MQCA_AUTH_INFO_DESC
      Description of the authentication information object.

      MQCA_AUTH_INFO_NAME
      Name of the authentication information object.

      MQIA_AUTH_INFO_TYPE
      Type of authentication information object.

      MQCA_AUTH_INFO_CONN_NAME
      Connection name of the authentication information object.

      This attribute is relevant only when AuthInfoType is set to MQAIT_CRL_LDAP or MQAIT_IDPW_LDAP.

      MQIA_AUTHENTICATION_FAIL_DELAY
      Delay in seconds before an authentication failure is returned to an application.

      MQIA_AUTHENTICATION_METHOD
      Authentication method for user passwords.

      MQIA_CHECK_CLIENT_BINDING
      Authentication requirements for client applications.

      MQIA_CHECK_LOCAL_BINDING
      Authentication requirements for locally bound applications.

      MQIA_LDAP_AUTHORMD
      Authorization method for the queue manager.

      MQCA_LDAP_BASE_DN_GROUPS
      The base Distinguished Name for groups in the LDAP server.

      MQCA_LDAP_BASE_DN_USERS
      The base Distinguished Name for users in the LDAP server.

      MQCA_LDAP_FIND_GROUP_FIELD
      Name of the attribute used within an LDAP entry to determine group membership.

      MQCA_LDAP_GROUP_ATTR_FIELD
      LDAP attribute that represents a simple name for the group.

      MQCA_LDAP_GROUP_OBJECT_CLASS
      The LDAP object class used for group records in the LDAP repository.

      MQIA_LDAP_NESTGRP
      Whether LDAP groups are checked for membership of other groups.

      MQCA_LDAP_PASSWORD
      LDAP password in the authentication information object.

      This attribute is relevant only when AuthInfoType is set to MQAIT_CRL_LDAP or MQAIT_IDPW_LDAP.

      MQIA_LDAP_SECURE_COMM
      Whether connectivity to the LDAP server should be done securely using TLS.

      MQCA_LDAP_SHORT_USER_FIELD
      The field in the LDAP user record to be used as a short user name in IBM MQ .

      MQCA_LDAP_USER_ATTR_FIELD
      The field in the LDAP user record to be used to interpret the user ID provided by an application, if the user ID does not contain a qualifier.

      MQCA_LDAP_USER_NAME
      LDAP user name in the authentication information object.

      This attribute is relevant only when AuthInfoType is set to MQAIT_CRL_LDAP or MQAIT_IDPW_LDAP.

      MQCA_LDAP_USER_OBJECT_CLASS
      The LDAP object class used for user records in the LDAP repository.

      MQCA_AUTH_INFO_OCSP_URL
      The URL of the OCSP responder used to check for certificate revocation.

    AuthInfoType (MQCFIN)
    Type of authentication information object. The following values are accepted:

      MQAIT_CRL_LDAP
      Authentication information objects specifying Certificate Revocation Lists held on LDAP servers.

      MQAIT_OCSP
      Authentication information objects specifying certificate revocation checking using OCSP.

      MQAIT_IDPW_OS
      Authentication information objects specifying certificate revocation checking using user ID and password checking through the operating system.

      MQAIT_IDPW_LDAP
      Authentication information objects specifying certificate revocation checking using user ID and password checking through an LDAP server.

      MQAIT_ALL
      Authentication information objects of any type.

    CommandScope (MQCFST)
    Command scope (parameter identifier: MQCACF_COMMAND_SCOPE). This parameter applies to z/OS only. Specifies how the command is executed when the queue manager is a member of a queue sharing group. We can specify one of the following:

    • Blank (or omit the parameter altogether). The command is executed on the queue manager on which it was entered.
    • Aqueue manager name. The command is executed on the queue manager you specify, providing it is active within the queue sharing group. If you specify a queue manager name other than the queue manager on which it was entered, we must be using a queue sharing group environment, and the command server must be enabled.
    • An asterisk (*). The command is executed on the local queue manager and is also passed to every active queue manager in the queue sharing group.

    The maximum length is MQ_QSG_NAME_LENGTH.

    We cannot use CommandScope as a parameter to filter on.

    IntegerFilterCommand (MQCFIF)
    Integer filter command descriptor. The parameter identifier must be any integer type parameter allowed in AuthInfoAttrs, except MQIACF_ALL. Use this parameter to restrict the output from the command by specifying a filter condition. See MQCFIF - PCF integer filter parameter for information about using this filter condition.

    If you specify an integer filter, we cannot also specify a string filter using the StringFilterCommand parameter.

    QSGDisposition (MQCFIN)
    Disposition of the object within the group (parameter identifier: MQIA_QSG_DISP). This parameter applies to z/OS only. Specifies the disposition of the object for which information is to be returned (that is, where it is defined and how it behaves). The value can be any of the following values:

      MQQSGD_LIVE
      The object is defined as MQQSGD_Q_MGR or MQQSGD_COPY. This value is the default value if the parameter is not specified.

      MQQSGD_ALL
      The object is defined as MQQSGD_Q_MGR or MQQSGD_COPY.

      If there is a shared queue manager environment, and the command is being executed on the queue manager where it was issued, this option also displays information for objects defined with MQQSGD_GROUP.

      If MQQSGD_LIVE is specified or defaulted, or if MQQSGD_ALL is specified in a shared queue manager environment, the command might give duplicated names (with different dispositions).

      MQQSGD_COPY
      The object is defined as MQQSGD_COPY.

      MQQSGD_GROUP
      The object is defined as MQQSGD_GROUP. This value is permitted only in a shared queue environment.

      MQQSGD_Q_MGR
      The object is defined as MQQSGD_Q_MGR.

      MQQSGD_PRIVATE
      The object is defined as either MQQSGD_Q_MGR or MQQSGD_COPY. MQQSGD_PRIVATE returns the same information as MQQSGD_LIVE.

    We cannot use QSGDisposition as a parameter to filter on.

    StringFilterCommand (MQCFSF)
    String filter command descriptor. The parameter identifier must be any string type parameter allowed in AuthInfoAttrs, except MQCA_AUTH_INFO_NAME. Use this parameter to restrict the output from the command by specifying a filter condition. For information about using this filter condition, see MQCFSF - PCF string filter parameter.

    If you specify a string filter, we cannot also specify an integer filter using the IntegerFilterCommand parameter.

Parent topic: Definitions of the Programmable Command Formats