Installable services
There are significant implications to changing installable services and
their components. For this reason, the installable services are read-only
in the WebSphere MQ Explorer. To change installable services in on Windows systems, use regedit or on UNIX systems use the Service stanza in the qm.ini
file.
For each component within a service, you must also specify the name and
path of the module containing the code for that component. On UNIX systems, use
the ServiceComponent stanza for this.
- Name=AuthorizationService|NameService
-
The name of the required service.
- AuthorizationService
- For WebSphere MQ, the Authorization Service component is known as the Object
Authority Manager, or OAM.
The AuthorizationService stanza and
its associated ServiceComponent stanza are added automatically
when the queue manager is created. Add other ServiceComponent stanzas
manually.
- NameService
- No name service is provided by default. If you require a name
service, you must add the NameService stanza manually.
- EntryPoints=number-of-entries
-
The number of entry points defined for
the service. This includes the initialization and termination entry points.
- SecurityPolicy=Default|NTSIDsRequired (WebSphere MQ for Windows only)
- The SecurityPolicy attribute applies only if the service specified is
the default authorization service, that is, the OAM. The SecurityPolicy attribute
allows you to specify the security policy for each queue manager. The possible
values are:
- Default
- Use the default security policy to take effect. If a Windows security
identifier (NT SID) is not passed to the OAM for a particular user ID, an
attempt is made to obtain the appropriate SID by searching the relevant security
databases.
- NTSIDsRequired
- Pass an NT SID to the OAM when performing security checks.
See Windows security identifiers (SIDs) for more information.
- SharedBindingsUserId=user-type
- The SharedBindingsUserId attribute applies only if the service
specified is the default authorization service, that is, the OAM. The SharedBindingsUserId
attribute is used with relation to shared bindings only. This value allows
you to specify whether the UserIdentifier field in the IdentityContext structure, from the MQZ_AUTHENTICATE_USER function, is the effective
user Id or the real user Id. For information on the MQZ_AUTHENTICATE_USER
function, see MQZ_AUTHENTICATE_USER - Authenticate user. The possible values are:
- Default
- The value of the UserIdentifier field is set as the real user
Id.
- Real
- The value of the UserIdentifier field is set as the real user
Id.
- Effective
- The value of the UserIdentifier field is set as the effective
user Id.
- FastpathBindingsUserId=user-type
- The FastpathBindingsUserId attribute applies only if the service specified
is the default authorization service, that is, the OAM. The FastpathBindingsUserId
attribute is used with relation to fastpath bindings only. This value allows
you to specify whether the UserIdentifier field in the IdentityContext structure, from the MQZ_AUTHENTICATE_USER function, is the effective
user Id or the real user Id. For information on the MQZ_AUTHENTICATE_USER
function, see MQZ_AUTHENTICATE_USER - Authenticate user. The possible values are:
- Default
- The value of the UserIdentifier field is set as the real user
Id.
- Real
- The value of the UserIdentifier field is set as the real user
Id.
- Effective
- The value of the UserIdentifier field is set as the effective
user Id.
- IsolatedBindingsUserId =user-type
- The IsolatedBindingsUserId attribute applies only if the service specified
is the default authorization service, that is, the OAM. The IsolatedBindingsUserId
attribute is used with relation to isolated bindings only. This value allows
you to specify whether the UserIdentifier field in the IdentityContext structure, from the MQZ_AUTHENTICATE_USER function, is the effective
user Id or the real user Id. For information on the MQZ_AUTHENTICATE_USER
function, see MQZ_AUTHENTICATE_USER - Authenticate user. The possible values are:
- Default
- The value of the UserIdentifier field is set as the effective
user Id.
- Real
- The value of the UserIdentifier field is set as the real user
Id.
- Effective
- The value of the UserIdentifier field is set as the effective
user Id.
For more information about installable services and components, see WebSphere MQ installable services and the API exit.
For more information about security services in general, see WebSphere MQ security.
Service components
You need to specify service component information when you add
a new installable service. On Windows systems use regedit, and
on UNIX systems use the ServiceComponent stanza in the qm.ini file.
The authorization service stanza is present by default, and the associated
component, the OAM, is active.
- Service=service_name
-
The name of the required service. This
must match the value specified on the Name attribute of the Service
configuration information.
- Name=component_name
-
The descriptive name of the service
component. This must be unique and contain only characters that are valid
for the names of WebSphere MQ objects (for example, queue names). This name occurs
in operator messages generated by the service. We recommend that this name
begins with a company trademark or similar distinguishing string.
- Module=module_name
- The name of the module to contain the code for this component. This
must be a full path name.
- ComponentDataSize=size
- The size, in bytes, of the component data area passed to the component
on each call. Specify zero if no component data is required.
For more information about installable services and components, see WebSphere MQ installable services and the API exit.