Technote (FAQ)
Question
How do you use IBMSKLM.jar in IBM Security Key Lifecycle Manager if you don't want to grant READ permission to /usr/lpp/ISKLM/?
Answer
While the ISKLM Program Directory states: "The file system in which you have installed IBM Security Key Lifecycle Manager for z/OS must be mounted in read-only mode during execution.", some sites do not grant this permission as a matter of policy. This makes adding /usr/lpp/ISKLM/IBMSKLM.jar to your classpath ineffective and will cause ICH408I permission errors at ISKLM start up.
There are a couple of alternatives:
1) per the IBM Security Key Lifecycle Manager for z/OS: Deployment and Migration Considerations Redpaper (REDP-4646-01) on page 4, you could copy the IBMSKLM jar file into the Java library extensions:
cp /usr/lpp/ISKLM/IBMSKLM.jar $JAVA_HOME/lib/ext
2) you could copy /usr/lpp/ISKLM/IBMSKLM.jar to ISKLM's home directory, under /u/isklmsrv/, then update ISKLMENV to look for the IBMISKLM.jar in /u/isklmsrv instead of /usr/lpp/ISKLM/
| Segment | Product | Component | Platform | Version | Edition |
|---|---|---|---|---|---|
| Security | IBM Security Key Lifecycle Manager for z/OS |
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.