Operating Advanced Message Security on z/OS

The Advanced Message Security address space accepts commands using the z/OS® MODIFY command.

To enter commands for the Advanced Message Security (AMS) address space, use the z/OS MODIFY command.

For example,


F qmgrAMSM, cmd

where qmgr is the prefix of the started task name.

Table 1 describes the MODIFY commands that are accepted:

Table 1. Advanced Message Security address space MODIFY commands
Command	Option	Description
DISPLAY		Display version information
REFRESH	KEYRING POLICY ALL	Refresh the key ring certificates, security policies, or both.
SMFAUDIT	SUCCESS FAILURE ALL	Set whether SMF auditing is required when AMS successfully protects or unprotects messages, when AMS fails to protect or unprotect messages, or both.
SMFTYPE	0 - 255	Set the SMF record type to be generated when AMS protects or unprotects messages. To disable SMF auditing specify a record type of 0.

Note: To specify an option it must be separated by a comma. For example:


F qmgrAMSM,REFRESH KEYRING
F qmgrAMSM,SMFAUDIT ALL
F qmgrAMSM,SMFTYPE 180

REFRESH command

Changes that are made effective by issuing the REFRESH command apply to applications that issue MQOPEN after the REFRESH command has completed. Existing applications that have a queue open, continue to use the options from when the application opened the queue. To use the new values, the application has to close and reopen the queue.

Starting and stopping AMS

You do not need to enter a command to start or stop the Advanced Message Security address space. The AMS address space is started automatically when the queue manager is started if AMS has been enabled with the SPLCAP parameter of CSQ6SYSP, and is stopped when the queue manager is stopped.