Forgive me if I have misunderstood you but in order to use the DCE exit you need to have an existing, running DCE infrastructure. This is an extremely non-trivial piece of work and includes such things as a DCE directory service as well as a DCE security server etc (I've now reached the extent of my knowledge of DCE!).
You talk aboutboth logon and encryption. I haven't looked at the DCE exit but these would normally be handled at two levels by MQSeries - the (so-called) Security Channel exit and by the Send and Receive exits (or possibly a Message channel exit). The Security exit would handle logon and authentication and the others would do the encryption (and message signing/authentication if you needed it).
It is perfectly possible to use the same piece of code to do both jobs but I wouldn't generally recommend it.
Channel exits in themselves are not complicated although for the Security exit you need to get your exchange sequence sorted out.
I wrote a Security exit for OS/390, Solaris and WinNT which uses DES to encrypt a random string and challenges the other end to decrypt it - simple but for my purposes adequate authentication. If you think it would help, e-mail me for a copy at mqs@moonray.org. Alternatively there are a few similar exits knocking about on the Web including a Support pac which uses Entrust's toolkit.
Finally, check out the IBM Redbook on MQ Security exits.
Hope this helps,
Paul [sig][/sig]
