DISPLAY CHLAUTH
Use the MQSC command DISPLAY CHLAUTH to display the attributes of a channel authentication record.
UNIX and Linux® | Windows |
---|---|
Parameters
- generic-channel-name
- The name of the channel or set of channels to display. You can use the asterisk (*) as a wildcard to specify a set of channels. When MATCH is RUNCHECK this parameter must not be generic.
- ADDRESS
- The IP address to be matched.
This parameter is valid only when MATCH is RUNCHECK and must not be generic.
- ALL
- Specify this parameter to display all attributes. If this keyword
is specified, any attributes that are requested specifically have
no effect; all attributes are still displayed.
This is the default behavior if you do not specify a generic name and do not request any specific attributes.
- CLNTUSER
- The client user ID to be matched.
This parameter is valid only when MATCH is RUNCHECK and must not be generic.
- CMDSCOPE
- This parameter applies to z/OS only and specifies
how the command is run when the queue manager is a member of a queue-sharing
group.
- ' '
- The command is run on the queue manager on which it was entered. This is the default value.
- qmgr-name
- The command is run on the queue manager you specify, providing
the queue manager is active within the queue-sharing group.
You can specify a queue manager name, other than the queue manager on which the command was entered, only if you are using a queue-sharing group environment and if the command server is enabled.
- *
- The command is run on the local queue manager and is also passed to every active queue manager in the queue-sharing group. The effect is the same as entering the command on every queue manager in the queue-sharing group.
- CUSTOM
- Reserved for future use.
- MATCH
- Indicates the type of matching to be applied.
- RUNCHECK
- Returns the record that will be matched by a specific inbound
channel at run time if it connects into this queue manager. The specific
inbound channel is described by providing values that are not generic
for:
- the channel name
- ADDRESS attribute
- SSLPEER attribute, only if the inbound channel will use SSL or TLS
- QMNAME or CLNTUSER attribute, depending on whether the inbound channel will be a client or queue manager channel
- EXACT
- Return only those records which exactly match the channel profile name supplied. If there are no asterisks in the channel profile name, this option returns the same output as MATCH(GENERIC).
- GENERIC
- Any asterisks in the channel profile name are treated as wild cards. If there are no asterisks in the channel profile name, this returns the same output as MATCH(EXACT). For example, a profile of ABC* could result in records for ABC, ABC*, and ABCD being returned.
- ALL
- Return all possible records that match the channel profile name supplied. If the channel name is generic in this case, all records that match the channel name are returned even if more specific matches exist. For example, a profile of SYSTEM.*.SVRCONN could result in records for SYSTEM.*, SYSTEM.DEF.*, SYSTEM.DEF.SVRCONN, and SYSTEM.ADMIN.SVRCONN being returned.
- QMNAME
- The name of the remote partner queue manager to be matched
This parameter is valid only when MATCH is RUNCHECK and must not be generic.
- SSLPEER
-
The Subject Distinguished Name of the certificate to be matched.
The SSLPEER value is specified in the standard form used to specify a Distinguished Name.
This parameter is valid only when MATCH is RUNCHECK and must not be generic.
- TYPE
- The type of Channel Authentication Record for which to display
details. Possible values are:
- ALL
- BLOCKUSER
- BLOCKADDR
- SSLPEERMAP
- ADDRESSMAP
- USERMAP
- QMGRMAP
- WHERE
- Specify a filter condition to display only those channel authentication
records that satisfy the selection criterion of the filter condition.
The filter condition is in three parts: filter-keyword, operator, and filter-value:
- filter-keyword
- Any parameter that can be used to display attributes for this DISPLAY command.
- operator
- This is used to determine whether a channel authentication record
satisfies the filter value on the given filter keyword. The operators
are as follows:
- LT
- Less than
- GT
- Greater than
- EQ
- Equal to
- NE
- Not equal to
- LE
- Less than or equal to
- GE
- Greater than or equal to
- LK
- Matches a generic string that you provide as a filter-value
- NL
- Does not match a generic string that you provide as a filter-value
- CT
- Contains a specified item. If the filter-keyword is a list, you can use this to display objects the attributes of which contain the specified item.
- EX
- Does not contain a specified item. If the filter-keyword is a list, you can use this to display objects the attributes of which do not contain the specified item.
- CTG
- Contains an item which matches a generic string that you provide as a filter-value. If the filter-keyword is a list, you can use this to display objects the attributes of which match the generic string.
- EXG
- Does not contain any item which matches a generic string that you provide as a filter-value. If the filter-keyword is a list, you can use this to display objects the attributes of which do not match the generic string.
- filter-value
- The value that the attribute value must be tested against using
the operator. Depending on the filter-keyword, the value can be either
explicit or generic:
- An explicit value, that is a valid value for the attribute being
tested.
You can use any of the operators except LK and NL. However, if the value is one from a possible set of values returnable on a parameter (for example, the value ALL on the MATCH parameter), you can only use EQ or NE.
- A generic value. This is a character string with an asterisk at
the end, for example ABC*. The characters must be valid for the attribute
you are testing. If the operator is LK, all items where the attribute
value begins with the string (ABC in the example) are listed. If the
operator is NL, all items where the attribute value does not begin
with the string are listed. You cannot use a generic filter-value
for parameters with numeric values or with one of a set of values.
You can only use operators LK or NL for generic values.
- An item in a list of values. The value can be explicit or, if it is a character value, it can be explicit or generic. If it is explicit, use CT or EX as the operator. For example, if the value DEF is specified with the operator CT, all items where one of the attribute values is DEF are listed. If it is generic, use CTG or EXG as the operator. If ABC* is specified with the operator CTG, all items where one of the attribute values begins with ABC are listed.
- An explicit value, that is a valid value for the attribute being
tested.
Requested parameters
Specify one or more parameters that define the data to be displayed. The parameters can be specified in any order, but do not specify the same parameter more than once.
- TYPE
- The type of channel authentication record
- SSLPEER
- The Distinguished Name of the certificate.
- ADDRESS
- The IP address
- CLNTUSER
- The client asserted user ID
- QMNAME
- The name of the remote partner queue manager
- MCAUSER
- The user identifier to be used when the inbound connection matches the SSL DN, IP address, client asserted user ID or remote queue manager name supplied.
- ADDRLIST
- A list of IP address patterns which are banned from connecting into this queue manager on any channel.
- USERLIST
- A list of user IDs which are banned from use of this channel or set of channels.
- ALTDATE
- The date on which the channel authentication record was last altered, in the format yyyy-mm-dd.
- ALTTIME
- The time on which the channel authentication record was last altered, in the form hh.mm.ss.
- DESCR
- Descriptive information about the channel authentication record.
- CUSTOM
- Reserved for future use.