Installable services

There are significant implications to changing installable services and their components. For this reason, the installable services are read-only in the WebSphere MQ Explorer. To change installable services in on Windows systems, use regedit or on UNIX systems use the Service stanza in the qm.ini file.

For each component within a service, you must also specify the name and path of the module containing the code for that component. On UNIX systems, use the ServiceComponent stanza for this.

Name=AuthorizationService|NameService
The name of the required service.
AuthorizationService
For WebSphere MQ, the Authorization Service component is known as the Object Authority Manager, or OAM.

The AuthorizationService stanza and its associated ServiceComponent stanza are added automatically when the queue manager is created. Add other ServiceComponent stanzas manually.

NameService
No name service is provided by default. If you require a name service, you must add the NameService stanza manually.
EntryPoints=number-of-entries
The number of entry points defined for the service. This includes the initialization and termination entry points.
SecurityPolicy=Default|NTSIDsRequired (WebSphere MQ for Windows only)
The SecurityPolicy attribute applies only if the service specified is the default authorization service, that is, the OAM. The SecurityPolicy attribute allows you to specify the security policy for each queue manager. The possible values are:
Default
Use the default security policy to take effect. If a Windows security identifier (NT SID) is not passed to the OAM for a particular user ID, an attempt is made to obtain the appropriate SID by searching the relevant security databases.
NTSIDsRequired
Pass an NT SID to the OAM when performing security checks.

See Windows security identifiers (SIDs) for more information.

SharedBindingsUserId=user-type
The SharedBindingsUserId attribute applies only if the service specified is the default authorization service, that is, the OAM. The SharedBindingsUserId attribute is used with relation to shared bindings only. This value allows you to specify whether the UserIdentifier field in the IdentityContext structure, from the MQZ_AUTHENTICATE_USER function, is the effective user Id or the real user Id. For information on the MQZ_AUTHENTICATE_USER function, see MQZ_AUTHENTICATE_USER - Authenticate user. The possible values are:
Default
The value of the UserIdentifier field is set as the real user Id.
Real
The value of the UserIdentifier field is set as the real user Id.
Effective
The value of the UserIdentifier field is set as the effective user Id.
FastpathBindingsUserId=user-type
The FastpathBindingsUserId attribute applies only if the service specified is the default authorization service, that is, the OAM. The FastpathBindingsUserId attribute is used with relation to fastpath bindings only. This value allows you to specify whether the UserIdentifier field in the IdentityContext structure, from the MQZ_AUTHENTICATE_USER function, is the effective user Id or the real user Id. For information on the MQZ_AUTHENTICATE_USER function, see MQZ_AUTHENTICATE_USER - Authenticate user. The possible values are:
Default
The value of the UserIdentifier field is set as the real user Id.
Real
The value of the UserIdentifier field is set as the real user Id.
Effective
The value of the UserIdentifier field is set as the effective user Id.
IsolatedBindingsUserId =user-type
The IsolatedBindingsUserId attribute applies only if the service specified is the default authorization service, that is, the OAM. The IsolatedBindingsUserId attribute is used with relation to isolated bindings only. This value allows you to specify whether the UserIdentifier field in the IdentityContext structure, from the MQZ_AUTHENTICATE_USER function, is the effective user Id or the real user Id. For information on the MQZ_AUTHENTICATE_USER function, see MQZ_AUTHENTICATE_USER - Authenticate user. The possible values are:
Default
The value of the UserIdentifier field is set as the effective user Id.
Real
The value of the UserIdentifier field is set as the real user Id.
Effective
The value of the UserIdentifier field is set as the effective user Id.

For more information about installable services and components, see WebSphere MQ installable services and the API exit.

For more information about security services in general, see WebSphere MQ security.

Service components

You need to specify service component information when you add a new installable service. On Windows systems use regedit, and on UNIX systems use the ServiceComponent stanza in the qm.ini file.

The authorization service stanza is present by default, and the associated component, the OAM, is active.

Service=service_name
The name of the required service. This must match the value specified on the Name attribute of the Service configuration information.
Name=component_name
The descriptive name of the service component. This must be unique and contain only characters that are valid for the names of WebSphere MQ objects (for example, queue names). This name occurs in operator messages generated by the service. We recommend that this name begins with a company trademark or similar distinguishing string.
Module=module_name
The name of the module to contain the code for this component. This must be a full path name.
ComponentDataSize=size
The size, in bytes, of the component data area passed to the component on each call. Specify zero if no component data is required.

For more information about installable services and components, see WebSphere MQ installable services and the API exit.