Operating Advanced Message Security on z/OS
The Advanced Message Security address space accepts commands using the z/OS® MODIFY command.
To enter commands for the Advanced Message Security (AMS) address space, use the z/OS MODIFY command.
F qmgrAMSM, cmd
where qmgr is the prefix of the started task name.
Table 1 describes the MODIFY commands that are accepted:
|DISPLAY||Display version information|
|Refresh the key ring certificates, security policies, or both.|
|Set whether SMF auditing is required when AMS successfully protects or unprotects messages, when AMS fails to protect or unprotect messages, or both.|
|SMFTYPE||0 - 255||Set the SMF record type to be generated when AMS protects or unprotects messages. To disable SMF auditing specify a record type of 0.|
F qmgrAMSM,REFRESH KEYRING F qmgrAMSM,SMFAUDIT ALL F qmgrAMSM,SMFTYPE 180
Changes that are made effective by issuing the REFRESH command apply to applications that issue MQOPEN after the REFRESH command has completed. Existing applications that have a queue open, continue to use the options from when the application opened the queue. To use the new values, the application has to close and reopen the queue.
Starting and stopping AMS
You do not need to enter a command to start or stop the Advanced Message Security address space. The AMS address space is started automatically when the queue manager is started if AMS has been enabled with the SPLCAP parameter of CSQ6SYSP, and is stopped when the queue manager is stopped.