How do you use IBMSKLM.jar in IBM Security Key Lifecycle Manager if you don't want to grant READ permission to /usr/lpp/ISKLM/?
While the ISKLM Program Directory states: "The file system in which you have installed IBM Security Key Lifecycle Manager for z/OS must be mounted in read-only mode during execution.", some sites do not grant this permission as a matter of policy. This makes adding /usr/lpp/ISKLM/IBMSKLM.jar to your classpath ineffective and will cause ICH408I permission errors at ISKLM start up.
There are a couple of alternatives:
1) per the IBM Security Key Lifecycle Manager for z/OS: Deployment and Migration Considerations Redpaper (REDP-4646-01) on page 4, you could copy the IBMSKLM jar file into the Java library extensions:
cp /usr/lpp/ISKLM/IBMSKLM.jar $JAVA_HOME/lib/ext
2) you could copy /usr/lpp/ISKLM/IBMSKLM.jar to ISKLM's home directory, under /u/isklmsrv/, then update ISKLMENV to look for the IBMISKLM.jar in /u/isklmsrv instead of /usr/lpp/ISKLM/
|Security||IBM Security Key Lifecycle Manager for z/OS|