Restrictions for trusted applications

The following restrictions apply to trusted applications:

  • You must explicitly disconnect trusted applications from the queue manager.
  • You must stop trusted applications before ending the queue manager with the endmqm command.
  • You must not use asynchronous signals and timer interrupts (such as sigkill) with MQCNO_FASTPATH_BINDING.
  • On all platforms, a thread within a trusted application cannot connect to a queue manager while another thread in the same process is connected to a different queue manager.
  • On IBM MQ on UNIX and Linux systems you must use mqm as the effective userID and groupID for all MQI calls. We can change these IDs before making a non-MQI call requiring authentication (for example, opening a file), but you must change it back to mqm before making the next MQI call.
  • On IBM MQ for IBM i:
    1. Trusted applications must run under the QMQM user profile. It is not sufficient that the user profile be a member of the QMQM group or that the program adopt QMQM authority. It might not be possible for the QMQM user profile to be used to sign on to interactive jobs, or to be specified in the job description for jobs running trusted applications. In this case one approach is to use the IBM i profile swapping API functions, QSYGETPH, QWTSETP, and QSYRLSPH to temporarily change the current user of the job to QMQM while the MQ programs run. Details of these functions, together with an example of their use, is provided in the Security APIs section of the IBM i System API Reference.
    2. Do not cancel trusted applications using System-Request Option 2, or by ending the jobs in which they are running using ENDJOB.
  • On IBM MQ for HP-UX, multithreaded fast-path applications are likely to need to set a larger stack size than the default. Use a size of 256 KB.
  • On IBM MQ for Windows trusted 64-bit applications are not supported. If you try to run a trusted 64-bit application, it will be downgraded to a standard bound connection.
  • On IBM MQ on UNIX and Linux systems trusted 32-bit applications are not supported. If you try to run a trusted 32-bit application, it will be downgraded to a standard bound connection.