Home

 

Configure authorization service stanzas: Windows systems

 

On WebSphere MQ for Windows each queue manager has its own stanza in the registry.

The Service stanza and the ServiceComponent stanza for the default authorization component are added to the Registry automatically, but can be overridden using mqsnoaut. Any other ServiceComponent stanzas must be added manually.

We can also add the SecurityPolicy attribute using the WebSphere MQ services. The SsecurityPolicy attribute applies only if the service specified on the Service stanza is the authorization service, that is, the default OAM. The SecurityPolicy attribute allows you to specify the security policy for each queue manager. The possible values are:

Default

Specify Default if you want the default security policy to take effect. If a Windows security identifier (NT SID) is not passed to the OAM for a particular user ID, an attempt is made to obtain the appropriate SID by searching the relevant security databases.

NTSIDsRequired

Requires that an NT SID is passed to the OAM when performing security checks.

For more general information about security, see WebSphere MQ security.

The service component stanza, MQSeries.WindowsNT.auth.service defines the default authorization service component, the OAM. If you remove this stanza and restart the queue manager, the OAM is disabled and no authorization checks are made.

 

Parent topic:

Authorization service on Windows systems

fa16490_

 

Home