Does ISKLMSRV's IBMSKLM.jar need to be in /usr/lpp/ISKLM/?

Technote (FAQ)


Question

How do you use IBMSKLM.jar in IBM Security Key Lifecycle Manager if you don't want to grant READ permission to /usr/lpp/ISKLM/?

Answer

While the ISKLM Program Directory states: "The file system in which you have installed IBM Security Key Lifecycle Manager for z/OS must be mounted in read-only mode during execution.", some sites do not grant this permission as a matter of policy. This makes adding /usr/lpp/ISKLM/IBMSKLM.jar to your classpath ineffective and will cause ICH408I permission errors at ISKLM start up.

There are a couple of alternatives:

1) per the IBM Security Key Lifecycle Manager for z/OS: Deployment and Migration Considerations Redpaper (REDP-4646-01) on page 4, you could copy the IBMSKLM jar file into the Java library extensions:

cp /usr/lpp/ISKLM/IBMSKLM.jar $JAVA_HOME/lib/ext

2) you could copy /usr/lpp/ISKLM/IBMSKLM.jar to ISKLM's home directory, under /u/isklmsrv/, then update ISKLMENV to look for the IBMISKLM.jar in /u/isklmsrv instead of /usr/lpp/ISKLM/

Cross reference information
Segment Product Component Platform Version Edition
Security IBM Security Key Lifecycle Manager for z/OS

Rate this page:

(0 users)Average rating

Document information


More support for:

IBM Security Key Lifecycle Manager for z/OS

Software version:

1.1

Operating system(s):

z/OS

Software edition:

Enterprise

Reference #:

1589279

Modified date:

2014-03-03

Translate my page

Machine Translation

Content navigation