Restrictions for trusted applications
Restrictions that apply to trusted applications. Some restrictions apply to all platforms and others are platform specific.
T
- You must explicitly disconnect trusted applications from the queue manager.
- You must stop trusted applications before ending the queue manager with the endmqm command.
- You must not use asynchronous signals and timer interrupts (such as
sigkill) with MQCNO_FASTPATH_BINDING. - On all platforms, a thread within a trusted application cannot connect to a queue manager while another thread in the same process is connected to a different queue manager.
![[AIX]](ngaix.gif)
![[Linux]](nglinux.gif)
On AIX® and Linux® systems
you must use mqm as the effective userID and groupID for all MQI calls. You can change these IDs
before making a non-MQI call requiring authentication (for example, opening a file), but you must
change it back to mqm before making the next MQI call. ![[IBM i]](ngibmi.gif)
On IBM® i:- Trusted applications must run under the QMQM user profile. It is not sufficient that the user profile be a member of the QMQM group or that the program adopt QMQM authority. It might not be possible for the QMQM user profile to be used to sign on to interactive jobs, or to be specified in the job description for jobs running trusted applications. In this case one approach is to use the IBM i profile swapping API functions, QSYGETPH, QWTSETP, and QSYRLSPH to temporarily change the current user of the job to QMQM while the IBM MQ programs run. Details of these functions, together with an example of their use, is provided in the Security APIs section of the IBM iApplication programming interfaces documentation.
- Do not cancel trusted applications using System-Request Option 2, or by ending the jobs in which they are running using ENDJOB.
![[AIX, Linux, Windows]](ngalw.gif)
On AIX, Linux, and Windows systems trusted 32-bit
applications are not supported. If you try to run a trusted 32-bit application, it will be
downgraded to a standard bound connection.