Authorization service on UNIX systems

On these platforms:

Principal
Is a UNIX system user ID, or an ID associated with an application program running on behalf of a user.

Group
Is a UNIX system-defined collection of principals.

Authorizations can be granted or revoked at the group level only. A request to grant or revoke a user's authority updates the primary group for that user.

Configuring authorization service stanzas: UNIX systems

On UNIX systems, each queue manager has its own queue manager configuration file.

For example, on AIX, the default path and file name of the queue manager configuration file for queue manager QMNAME is /var/mqm/qmgrs/QMNAME/qm.ini.

The Service stanza and the ServiceComponent stanza for the default authorization component are added to qm.ini automatically, but can be overridden by mqsnoaut. Any other ServiceComponent stanzas must be added manually.

For example, the following stanzas in the queue manager configuration file define two authorization service components on WebSphere MQ for AIX:

Figure 39. UNIX authorization service stanzas in qm.ini

 Service:
    Name=AuthorizationService
    EntryPoints=7
 
 ServiceComponent:
    Service=AuthorizationService
    Name=MQ.UNIX.authorization.service
    Module=/usr/mqm/lib/amqzfu
    ComponentDataSize=0
 
 ServiceComponent:
    Service=AuthorizationService
    Name=user.defined.authorization.service
    Module=/usr/bin/udas01
    ComponentDataSize=96

The service component stanza (MQ.UNIX.authorization.service) defines the default authorization service component, the OAM. If you remove this stanza and restart the queue manager, the OAM is disabled and no authorization checks are made.


© IBM Corporation 1994, 2002. All Rights Reserved