DISPLAY AUTHINFO
Use the MQSC command DISPLAY AUTHINFO to display the attributes of an authentication information object.
Using MQSC commands
For information on how you use MQSC commands, see Performing local administration tasks using MQSC commands.
IBM® i | UNIX and Linux® | Windows | z/OS® |
---|---|---|---|
2CR |
For an explanation of the symbols in the z/OS column, see Using commands on z/OS.
DISPLAY AUTHINFO
- 1 Not valid on IBM MQ for z/OS.
- 2 Valid only when the queue manager is a member of a queue-sharing group. You can use queue-sharing groups only on IBM MQ for z/OS.
- 3 Valid only on z/OS.
- 4 Not valid on z/OS and AUTHENMD PAM value valid only on UNIX platforms.
- 5 Not valid on Windows.
Parameter descriptions for DISPLAY AUTHINFO
- (generic-authentication-information-object-name)
- The name of the authentication information object to be displayed (see Rules for naming IBM MQ objects). A trailing asterisk (*) matches all authentication information objects with the specified stem followed by zero or more characters. An asterisk (*) on its own specifies all authentication information objects.
- WHERE
- Specify a filter condition to display only those authentication information objects that satisfy the selection criterion of the filter condition. The filter condition is in three parts: filter-keyword, operator, and filter-value:
- filter-keyword
- Almost any parameter that can be used to display attributes for this DISPLAY command. However, you cannot use the CMDSCOPE or QSGDISP parameters as filter keywords.
- operator
- This is used to determine whether an authentication information object satisfies the filter value on the given filter keyword. The operators are:
- LT
- Less than
- GT
- Greater than
- EQ
- Equal to
- NE
- Not equal to
- LE
- Less than or equal to
- GE
- Greater than or equal to
- LK
- Matches a generic string that you provide as a filter-value
- NL
- Does not match a generic string that you provide as a filter-value
- filter-value
- The value that the attribute value must be tested against using the operator. Depending on the filter-keyword, this can be:
- An explicit value, that is a valid value for the attribute being tested.
You can use any of the operators except LK and NL.
- A generic value. This is a character string (such as the character string you supply for the DESCR parameter) with an asterisk at the end, for example ABC*. The characters must be valid for the attribute you are testing. If the operator is LK, all items where the attribute value begins with the string (ABC in the example) are listed. If the operator is NL, all items where the attribute value does not begin with the string are listed. You cannot use a generic filter-value with numeric values. Only a single trailing wildcard character (asterisk) is permitted.
You can only use operators LK or NL for generic values on the DISPLAY AUTHINFO command.
- ALL
- Specify this to display all the parameters. If this parameter is specified, any parameters that are requested specifically have no effect; all parameters are still displayed.
This is the default if you do not specify a generic name and do not request any specific parameters.
On z/OS this is also the default if you specify a filter condition using the WHERE parameter, but on other platforms only requested attributes are displayed.
- CMDSCOPE
- This parameter applies to z/OS only and specifies how the command is executed when the queue manager is a member of a queue-sharing group.
CMDSCOPE must be blank, or the local queue manager, if QSGDISP is set to GROUP.
- ' '
- The command is executed on the queue manager on which it was entered. This is the default value.
- qmgr-name
- The command is executed on the queue manager you specify, providing the queue manager is active within the queue-sharing group.
You can specify a queue manager name, other than the queue manager on which the command was entered, only if you are using a queue-sharing group environment and if the command server is enabled.
- *
- The command is executed on the local queue manager and is also passed to every active queue manager in the queue-sharing group. The effect of this is the same as entering the command on every queue manager in the queue-sharing group.
You cannot use CMDSCOPE as a filter keyword.
- AUTHTYPE
- Specifies the authentication information type of the objects for which information is to be displayed. Values are:
- ALL
- This is the default value and displays information for objects defined with AUTHTYPE(CRLLDAP) and with AUTHTYPE(OCSP).
- CRLLDAP
- Displays information only for objects defined with AUTHTYPE(CRLLDAP).
- IDPWLDAP
- Displays information only for objects defined with AUTHTYPE(IDPWLDAP).
- IDPWOS
- Displays information only for objects defined with AUTHTYPE(IDPWOS).
- OCSP
- Displays information only for objects defined with AUTHTYPE(OCSP).
- QSGDISP
- Specifies the disposition of the objects for which information is to be displayed. Values are:
- LIVE
- This is the default value and displays information for objects defined with QSGDISP(QMGR) or QSGDISP(COPY).
- ALL
- Displays information for objects defined with QSGDISP(QMGR) or QSGDISP(COPY).
If there is a shared queue manager environment, and the command is being executed on the queue manager where it was issued, this option also displays information for objects defined with QSGDISP(GROUP).
If QSGDISP(LIVE) is specified or defaulted, or if QSGDISP(ALL) is specified in a shared queue manager environment, the command might give duplicated names (with different dispositions).
- COPY
- Displays information only for objects defined with QSGDISP(COPY).
- GROUP
- Displays information only for objects defined with QSGDISP(GROUP). This is allowed only if there is a shared queue manager environment.
- PRIVATE
- Displays information for objects defined with QSGDISP(QMGR) or QSGDISP(COPY). Note that QSGDISP(PRIVATE) displays the same information as QSGDISP(LIVE).
- QMGR
- Displays information only for objects defined with QSGDISP(QMGR).
QSGDISP displays one of the following values:
- QMGR
- The object was defined with QSGDISP(QMGR).
- GROUP
- The object was defined with QSGDISP(GROUP).
- COPY
- The object was defined with QSGDISP(COPY).
You cannot use QSGDISP as a filter keyword.
Requested parameters
Specify one or more parameters that define the data to be displayed. The parameters can be specified in any order, but do not specify the same parameter more than once.
- ADOPTCTX
- Displays the presented credentials as the context for this application.
- ALTDATE
- The date on which the definition was last altered, in the form yyyy-mm-dd.
- ALTTIME
- The time at which the definition was last altered, in the form hh.mm.ss.
- AUTHENMD
- Authentication method. Possible values are:
- OS
- Displays the traditional UNIX platforms password verification method permissions.
- PAM
- Displays the Pluggable Authentication Method permissions.
You can set the PAM value only on UNIX and Linux platforms.
- AUTHORMD
- Authorization method. Possible values are:
- OS
- Displays the operating system groups determining permissions.
- SEARCHGRP
- Displays a group entry in the LDAP server, containing an attribute listing all the users belonging to that group.
- SEARCHUSR
- Displays a user entry in the LDAP server containing an attribute listing all the groups to which the user belongs.
This attribute is not applicable to Windows platforms.
- AUTHTYPE
- The type of the authentication information.
- BASEDNG
- Displays the Base DN for groups.
This attribute is not applicable to Windows platforms.
- BASEDNU
- Displays the base distinguished name to search for users within the LDAP server.
- CHCKLOCL or CHCKCLNT
- These attributes are valid only for an AUTHTYPE of IDPWOS or IDPWLDAP. The possible values are:
- NONE
- Displays all locally bound applications that have no user ID and password authentication.
- OPTIONAL
- Displays the user IDs and passwords provided by an application. Note that it is not mandatory to provide these attributes. This option might be useful during migration, for example.
- REQUIRED
- Displays all applications providing a valid user ID and password.
- REQDADM
- Displays privileged users supplying a valid user ID and password. Non-privileged users are treated as with the OPTIONAL setting. See also the following note. (This setting is not allowed on z/OS systems.)
- CLASSGRP
- Displays the LDAP object class for group records.
This attribute is not applicable to Windows platforms.
- CLASSUSR
- Displays the LDAP object class for user records within the LDAP repository.
- CONNAME
- The host name, IPv4 dotted decimal address, or IPv6 hexadecimal notation of the host on which the LDAP server is running. Applies only to objects with AUTHTYPE(CRLLDAP) or AUTHTYPE(IDPWLDAP).
- DESCR
- Description of the authentication information object.
- FAILDLAY
- Delay in seconds before an authentication failure is returned to an application.
- FINDGRP
- Displays the name of the attribute within an LDAP entry to determine group membership.
This attribute is not applicable to Windows platforms.
- GRPFIELD
- Displays the LDAP attribute that represents a simple name for the group.
This attribute is not applicable to Windows platforms.
- LDAPPWD
- Password associated with the Distinguished Name of the user on the LDAP server. If nonblank, this is displayed as asterisks on all platforms except z/OS. Applies only to objects with AUTHTYPE(CRLLDAP) or AUTHTYPE(IDPWLDAP).
- LDAPUSER
- Distinguished Name of the user on the LDAP server. Applies only to objects with AUTHTYPE(CRLLDAP) or AUTHTYPE(IDPWLDAP).
- NESTGRP
- Displays whether a group is a member of another group.
This attribute is not applicable to Windows platforms.
- OCSPURL
- The URL of the OCSP responder used to check for certificate revocation. Applies only to objects with AUTHTYPE(OCSP).
- SECCOMM
- Displays the method used to connect to the LDAP server.
- SHORTUSR
- Displays the user record being used as a short name.
- USRFIELD
- Displays the user record being used in the LDAP user record, only if the user ID does not contain a qualifier.
See Usage notes for DEFINE AUTHINFO for more information about individual parameters.
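
The following added example is not part of the IBM documentation. It parses DISPLAY AUTHINFO output captured from runmqsc and reports the CHCKCLNT, ADOPTCTX and SECCOMM settings that a security review would typically question. The sample output, object names, LDAP host, function names and the review policy itself are assumptions made for this example.

```python
import re

# Constructed sample of runmqsc output for DISPLAY AUTHINFO(*) ALL, trimmed to the
# attributes checked below. Object names and the LDAP host are made up.
SAMPLE = """\
AMQ8566I: Display authentication information details.
   AUTHINFO(APP.IDPW.OS)                   AUTHTYPE(IDPWOS)
   ADOPTCTX(NO)                            CHCKCLNT(OPTIONAL)
AMQ8566I: Display authentication information details.
   AUTHINFO(CORP.IDPW.LDAP)                AUTHTYPE(IDPWLDAP)
   ADOPTCTX(YES)                           CHCKCLNT(REQUIRED)
   SECCOMM(NO)                             CONNAME(ldap.example.test(389))
AMQ8566I: Display authentication information details.
   AUTHINFO(REVOCATION.OCSP)               AUTHTYPE(OCSP)
"""

def parse_authinfo(text):
    """Return one dict per object; attribute values may contain nested parentheses."""
    records, consumed = [], 0
    for m in re.finditer(r"\b([A-Z]+)\(", text):
        if m.start() < consumed:        # KEYWORD( that is part of an earlier value
            continue
        depth, end = 1, m.end()
        while end < len(text) and depth:
            depth += {"(": 1, ")": -1}.get(text[end], 0)
            end += 1
        consumed = end
        if m.group(1) == "AUTHINFO":    # each object's listing starts with its name
            records.append({})
        if records:
            records[-1][m.group(1)] = text[m.end():end - 1].strip()
    return records

def audit(records):
    """Flag settings under this example's own review policy (an assumption, not IBM's)."""
    findings = []
    for r in records:
        if r.get("AUTHTYPE") not in ("IDPWOS", "IDPWLDAP"):
            continue                    # CHCKCLNT is valid only for these types
        checks = [
            (r.get("CHCKCLNT") in ("NONE", "OPTIONAL"), "client credentials not mandatory"),
            (r.get("ADOPTCTX") == "NO", "authenticated user not adopted as context"),
            (r.get("SECCOMM") == "NO", "LDAP connection does not use TLS"),
        ]
        findings += [(r["AUTHINFO"], why) for bad, why in checks if bad]
    return findings

if __name__ == "__main__":
    print("\n".join(f"{n}: {why}" for n, why in audit(parse_authinfo(SAMPLE))))
```

The nested-parenthesis handling matters for CONNAME, whose value carries the port in its own parentheses.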