DISPLAY AUTHINFO

Use the MQSC command DISPLAY AUTHINFO to display the attributes of an authentication information object.

Using MQSC commands

For information on how you use MQSC commands, see Performing local administration tasks using MQSC commands.

IBM® i UNIX and Linux® Windows z/OS®
X X X 2CR

For an explanation of the symbols in the z/OS column, see Using commands on z/OS.

Synonym: DIS AUTHINFO

DISPLAY AUTHINFO

Read syntax diagramSkip visual syntax diagram DISPLAY AUTHINFO ( generic-authentication-information-object-name ) WHERE(FilterCondition) ALL AUTHTYPE(ALL)AUTHTYPE(CRLLDAP)AUTHTYPE(IDPWLDAP)1AUTHTYPE(IDPWOS)AUTHTYPE(OCSP)CMDSCOPE(' ')CMDSCOPE(qmgr-name)2CMDSCOPE(*)23QSGDISP(LIVE)QSGDISP(ALL)QSGDISP(QMGR)QSGDISP(COPY)QSGDISP(GROUP)2QSGDISP(PRIVATE)3Requested attrs
Requested attrs
Read syntax diagramSkip visual syntax diagram,ADOPTCTXALTDATEALTTIMEAUTHENMD4AUTHORMD5AUTHTYPEBASEDNG5BASEDNUCHCKCLNTCHCKLOCLCLASSGRP5CLASSUSRCONNAMEDESCRFAILDLAYFINDGRP5GRPFIELD5LDAPPWDLDAPUSERNESTGRP5OCSPURLSECCOMMSHORTUSRUSRFIELD
Notes:
  • 1 Not valid on IBM MQ for z/OS.
  • 2 Valid only when the queue manager is a member of a queue-sharing group. You can use queue-sharing groups only on IBM MQ for z/OS.
  • 3 Valid only on z/OS.
  • 4 Not valid on z/OS and AUTHENMD PAM value valid only on UNIX platforms.
  • 5 Not valid on Windows.

Parameter descriptions for DISPLAY AUTHINFO

(generic-authentication-information-object-name)
The name of the authentication information object to be displayed (see Rules for naming IBM MQ objects ). A trailing asterisk (*) matches all authentication information objects with the specified stem followed by zero or more characters. An asterisk (*) on its own specifies all authentication information objects.
WHERE
Specify a filter condition to display only those authentication information objects that satisfy the selection criterion of the filter condition. The filter condition is in three parts: filter-keyword, operator, and filter-value:
filter-keyword
Almost any parameter that can be used to display attributes for this DISPLAY command. However, you cannot use the CMDSCOPE or QSGDISP parameters as filter keywords.
operator
This is used to determine whether an authentication information object satisfies the filter value on the given filter keyword. The operators are:
LT
Less than
GT
Greater than
EQ
Equal to
NE
Not equal to
LE
Less than or equal to
GE
Greater than or equal to
LK
Matches a generic string that you provide as a filter-value
NL
Does not match a generic string that you provide as a filter-value
filter-value
The value that the attribute value must be tested against using the operator. Depending on the filter-keyword, this can be:
  • An explicit value, that is a valid value for the attribute being tested.

    You can use any of the operators except LK and NL.

  • A generic value. This is a character string (such as the character string you supply for the DESCR parameter) with an asterisk at the end, for example ABC*. The characters must be valid for the attribute you are testing. If the operator is LK, all items where the attribute value begins with the string (ABC in the example) are listed. If the operator is NL, all items where the attribute value does not begin with the string are listed. You cannot use a generic filter-value with numeric values. Only a single trailing wildcard character (asterisk) is permitted.

    You can only use operators LK or NL for generic values on the DISPLAY AUTHINFO command.

ALL
Specify this to display all the parameters. If this parameter is specified, any parameters that are requested specifically have no effect; all parameters are still displayed.

This is the default if you do not specify a generic name and do not request any specific parameters.

[z/OS]On z/OS this is also the default if you specify a filter condition using the WHERE parameter, but on other platforms only requested attributes are displayed.

[z/OS]CMDSCOPE
[z/OS] This parameter applies to z/OS only and specifies how the command is executed when the queue manager is a member of a queue-sharing group.
CMDSCOPE must be blank, or the local queue manager, if QSGDISP is set to GROUP.
' '
The command is executed on the queue manager on which it was entered. This is the default value.
qmgr-name
The command is executed on the queue manager you specify, providing the queue manager is active within the queue-sharing group.

You can specify a queue manager name, other than the queue manager on which the command was entered, only if you are using a queue-sharing group environment and if the command server is enabled.

*
The command is executed on the local queue manager and is also passed to every active queue manager in the queue-sharing group. The effect of this is the same as entering the command on every queue manager in the queue-sharing group.

You cannot use CMDSCOPE as a filter keyword.

AUTHTYPE
Specifies the authentication information type of the objects for which information is to be displayed. Values are:
ALL
This is the default value and displays information for objects defined with AUTHTYPE(CRLLDAP) and with AUTHTYPE(OCSP).
CRLLDAP
Displays information only for objects defined with AUTHTYPE(CRLLDAP).
IDPWLDAP
Displays information only for objects defined with AUTHTYPE(IDPWLDAP).
IDPWOS
Displays information only for objects defined with AUTHTYPE(IDPWOS).
OCSP
Displays information only for objects defined with AUTHTYPE(OCSP).
[z/OS]QSGDISP
[z/OS] Specifies the disposition of the objects for which information is to be displayed. Values are:
LIVE
This is the default value and displays information for objects defined with QSGDISP(QMGR) or QSGDISP(COPY).
ALL
Displays information for objects defined with QSGDISP(QMGR) or QSGDISP(COPY).

If there is a shared queue manager environment, and the command is being executed on the queue manager where it was issued, this option also displays information for objects defined with QSGDISP(GROUP).

If QSGDISP(LIVE) is specified or defaulted, or if QSGDISP(ALL) is specified in a shared queue manager environment, the command might give duplicated names (with different dispositions).

COPY
Displays information only for objects defined with QSGDISP(COPY).
GROUP
Displays information only for objects defined with QSGDISP(GROUP). This is allowed only if there is a shared queue manager environment.
PRIVATE
Displays information for objects defined with QSGDISP(QMGR) or QSGDISP(COPY). Note that QSGDISP(PRIVATE) displays the same information as QSGDISP(LIVE).
QMGR
Displays information only for objects defined with QSGDISP(QMGR).
QSGDISP displays one of the following values:
QMGR
The object was defined with QSGDISP(QMGR).
GROUP
The object was defined with QSGDISP(GROUP).
COPY
The object was defined with QSGDISP(COPY).

You cannot use QSGDISP as a filter keyword.

Requested parameters

Specify one or more parameters that define the data to be displayed. The parameters can be specified in any order, but do not specify the same parameter more than once.

The default, if no parameters are specified (and the ALL parameter is not specified) is that the object names and their AUTHTYPEs, and, on z/OS, their QSGDISPs, are displayed.
ADOPTCTX
Displays the presented credentials as the context for this application.
ALTDATE
The date on which the definition was last altered, in the form yyyy-mm-dd
ALTTIME
The time at which the definition was last altered, in the form hh.mm.ss
[V8.0.0.3 Jun 2015]AUTHENMD
[V8.0.0.3 Jun 2015]Authentication method. Possible values are:
OS
Displays the traditional UNIX platforms password verification method permissions.
PAM
Displays the Pluggable Authentication Method permissions.

You can set the PAM value only on UNIX and Linux platforms.

[V8.0.0.2 Feb 2015]AUTHORMD
[V8.0.0.2 Feb 2015]Authorization method. Possible values are:
OS
Displays the operating system groups determining permissions
SEARCHGRP
Displays a group entry in the LDAP server, containing an attribute listing all the users belonging to that group.
SEARCHUSR
Displays a user entry in the LDAP server containing an attribute listing all the groups to which the user belongs.

This attribute is not applicable to Windows platforms.

AUTHTYPE
The type of the authentication information
[V8.0.0.2 Feb 2015]BASEDNG
[V8.0.0.2 Feb 2015]Displays the Base DN for groups.

This attribute is not applicable to Windows platforms.

BASEDNU
Displays the base distinguished name to search for users within the LDAP server.
CHCKLOCL or CHCKCLNT
These attributes are valid only for an AUTHTYPE of IDPWOS or IDPWLDAP . The possible values are:
NONE
Displays all locally bound applications that have no user ID and password authentication.
OPTIONAL
Displays the user IDs and passwords provided by an application. Note that it is not mandatory to provide these attributes. This option might be useful during migration, for example.
REQUIRED
Displays all applications providing a valid user ID and password.
REQDADM
Displays privileged users supplying a valid user ID and password, Non-privileged users are treated as with the OPTIONAL setting. See also the following note. [z/OS](This setting is not allowed on z/OS systems.)
[V8.0.0.2 Feb 2015]CLASSGRP
[V8.0.0.2 Feb 2015]Displays the LDAP object class for group records.

This attribute is not applicable to Windows platforms.

CLASSUSR
Displays the LDAP object class for user records within the LDAP repository.
CONNAME
The host name, IPv4 dotted decimal address, or IPv6 hexadecimal notation of the host on which the LDAP server is running. Applies only to objects with AUTHTYPE(CRLLDAP) or AUTHTYPE(IDPWLDAP).
DESCR
Description of the authentication information object.
FAILDLAY
Delay in seconds before an authentication failure is returned to an application.
[V8.0.0.2 Feb 2015]FINDGRP
[V8.0.0.2 Feb 2015]Displays the name of the attribute within an LDAP entry to determine group membership.

This attribute is not applicable to Windows platforms.

[V8.0.0.2 Feb 2015]GRPFIELD
[V8.0.0.2 Feb 2015]Displays the LDAP attribute that represents a simple name for the group.

This attribute is not applicable to Windows platforms.

LDAPPWD
Password associated with the Distinguished Name of the user on the LDAP server. If nonblank, this is displayed as asterisks[z/OS] on all platforms except z/OS. Applies only to objects with AUTHTYPE(CRLLDAP) or AUTHTYPE(IDPWLDAP).
LDAPUSER
Distinguished Name of the user on the LDAP server. Applies only to objects with AUTHTYPE(CRLLDAP) or AUTHTYPE(IDPWLDAP).
[V8.0.0.2 Feb 2015]NESTGRP
[V8.0.0.2 Feb 2015]Displays whether a group is a member of another group..

This attribute is not applicable to Windows platforms.

OCSPURL
The URL of the OCSP responder used to check for certificate revocation. Applies only to objects with AUTHTYPE(OCSP).
SECCOMM
Displays the method used to connect the LDAP server.
SHORTUSR
Displays the user record being used as a short name.
USRFIELD
Displays the user record being used in the LDAP user record, only if the user ID does not contain a qualifier.

See Usage notes for DEFINE AUTHINFO for more information about individual parameters.