Restrictions for trusted applications

The following restrictions apply to trusted applications:

  • We must explicitly disconnect trusted applications from the queue manager.
  • We must stop trusted applications before ending the queue manager with the endmqm command.
  • We must not use asynchronous signals and timer interrupts (such as sigkill) with MQCNO_FASTPATH_BINDING.
  • On all platforms, a thread within a trusted application cannot connect to a queue manager while another thread in the same process is connected to a different queue manager.
  • On UNIX and Linux systems you must use mqm as the effective userID and groupID for all MQI calls. We can change these IDs before making a non-MQI call requiring authentication (for example, opening a file), but we must change it back to mqm before making the next MQI call.
  • On IBM i:
    1. Trusted applications must run under the QMQM user profile. It is not sufficient that the user profile be a member of the QMQM group or that the program adopt QMQM authority. It might not be possible for the QMQM user profile to be used to sign on to interactive jobs, or to be specified in the job description for jobs running trusted applications. In this case one approach is to use the IBM i profile swapping API functions, QSYGETPH, QWTSETP, and QSYRLSPH to temporarily change the current user of the job to QMQM while the MQ programs run. Details of these functions, together with an example of their use, is provided in the Security APIs section of the IBM i System API Reference.
    2. Do not cancel trusted applications using System-Request Option 2, or by ending the jobs in which they are running using ENDJOB.

  • On Windows trusted 64-bit applications are not supported. If you try to run a trusted 64-bit application, it will be downgraded to a standard bound connection.
  • On UNIX and Linux systems trusted 32-bit applications are not supported. If you try to run a trusted 32-bit application, it will be downgraded to a standard bound connection.

Parent topic: Connect to a queue manager using the MQCONNX call