z/OS Cryptographic Services ICSF System Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Installation Options Data Set

z/OS Cryptographic Services ICSF System Programmer's Guide
SA22-7520-17

  • CKTAUTH - decides if authentication will be performed for every CKDS record read from DASD. With a large CKDS, CKTAUTH(YES) could cause an impact to performance.
  • PKDSCACHE - no longer supported, but tolerated.
  • COMPENC - no longer supported, but tolerated.
  • DOMAIN - this parameter is optional. It is required if more than one domain is specified as the usage domain on the PR/SM panels or if running in native mode.

    On a z990 or z890, if a PCI Cryptographic Accelerator, PCIXCC, CEX2C, or CEX3C is not available, or on a z9 EC, z9 BC, z10 EC, z10 BC, or z196 if a CEX2A, CEX2C, CEX3A, or CEX3C is not available, the DOMAIN parameter is not required. If a PCICA, PCIXCC, CEX2A, CEX2C, CEX3A, or CEX3C is available, the DOMAIN parameter is required if more than one domain is specified as the usage domain on the PR/SM panels. If only one usage domain is assigned to the LPAR, the DOMAIN parameter is optional.

  • SYSPLEXCKDS - this parameter is optional. It specifies whether this system, if a member of a multi-system sysplex using a shared CKDS, should participate in XCF signalling in order to maintain consistency of the CKDS data across the sysplex.
  • SYSPLEXPKDS - this parameter is optional. It specifies whether this system, if a member of a multi-system sysplex using a shared PKDS, should participate in XCF signalling in order to maintain consistency of the PKDS data across the sysplex.
  • SYSPLEXTKDS - this parameter is optional. It specifies whether this system, if a member of a multi-system sysplex using a shared TKDS, should participate in XCF signalling in order to maintain consistency of the TKDS data across the sysplex.
  • TKDSN - this parameter is the name of an existing TKDS or an empty VSAM data set to be used as the TKDS.
  • TRACEENTRY - the supported boundary values for this parameter have been changed to a minimum of 10000 and a maximum of 500000. Values outside of this range are tolerated, but automatically adjusted to 10000.
  • DEFAULTWRAP - this parameter is optional. The parameter defines the wrapping method of DES key tokens in ICSF. The ORIGINAL method is ECB for DES keys. The ENHANCED method is ANSI X9.24 compliant. The key value is bundled with other data and encrypted using the CBC mode. The default wrapping method is defined independently for internal and external tokens

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014