IBM Support What's New?

Does ISKLMSRV's IBMSKLM.jar need to be in /usr/lpp/ISKLM/?

Technote (FAQ)


Question

How do you use IBMSKLM.jar in IBM Security Key Lifecycle Manager if you don't want to grant READ permission to /usr/lpp/ISKLM/?

Answer

While the ISKLM Program Directory states: "The file system in which you have installed IBM Security Key Lifecycle Manager for z/OS must be mounted in read-only mode during execution.", some sites do not grant this permission as a matter of policy. This makes adding /usr/lpp/ISKLM/IBMSKLM.jar to your classpath ineffective and will cause ICH408I permission errors at ISKLM start up.

There are a couple of alternatives:

1) per the IBM Security Key Lifecycle Manager for z/OS: Deployment and Migration Considerations Redpaper (REDP-4646-01) on page 4, you could copy the IBMSKLM jar file into the Java library extensions:

cp /usr/lpp/ISKLM/IBMSKLM.jar $JAVA_HOME/lib/ext

2) you could copy /usr/lpp/ISKLM/IBMSKLM.jar to ISKLM's home directory, under /u/isklmsrv/, then update ISKLMENV to look for the IBMISKLM.jar in /u/isklmsrv instead of /usr/lpp/ISKLM/

Cross reference information
Segment Product Component Platform Version Edition
Security IBM Security Key Lifecycle Manager for z/OS

Document information

More support for: IBM Security Key Lifecycle Manager for z/OS

Software version: 1.1.0

Operating system(s): z/OS

Software edition: Enterprise

Reference #: 1589279

Modified date: 2016-02-25