The NSS server is a z/OS® UNIX application; it requires the z/OS UNIX file system. The NSS server can be started from an MVS™ started procedure, from the z/OS shell, with the AUTOLOG statement in the TCP/IP profile, or by using the COMMNDxx member of PARMLIB. The NSS server must be started by a RACF-authorized user ID, and it must be in an APF-authorized library. For more information about how to start the NSS server, see Starting the NSS server.
The NSS server uses the MVS operator's console, syslogd, CTRACE, and STDOUT for its logging and tracing. The MVS operator's console and STDOUT are used for major events such as initialization, termination, and error conditions. Syslogd is used for logging events related to the processing of NSS requests. CTRACE is used for detailed tracing and debugging.
The NSS server uses a standard message catalog. The message catalog must be in the UNIX file system. The directory location for the message catalog path is set by the environment variables NLSPATH and LANG.
The NSS server uses ICSF and System SSL for encryption and key management services to provide certificate services to NSS IPSec clients. If the NSS IPSec clients are configured in FIPS 140 mode, you must also configure the NSS server in FIPS 140 mode so that it invokes ICSF and System SSL in FIPS 140 mode. This configuration is required for the entire system to be in FIPS 140 mode.