CSFDUTIL reads through a CKDS or PKDS and generates a report for duplicate secure key tokens. Only authorized users should have access to the CSFDUTIL utility program. To make it difficult for an unauthorized person to execute the CSFDUTIL utility program, store the program in an APF-authorized library that is protected by the Security Server (RACF). Grant ICSF administrators access to the CSFDUTIL resource in the CSFSERV class.