IP Services: Allow the IKE daemon and the NSS daemon access to the CSFIQF resource of the CSFSERV class if ICSF is to be used with IP security
Description
Starting in z/OS V2R1, the Internet Key Exchange daemon (IKED) and the NSS daemon perform additional status queries to ICSF. If ICSF is active and the CSFSERV class is active, the user IDs associated with IKED and NSSD must have READ access to the CSFIQF resource of the CSFSERV class. This access will allow IKED and NSSD to query ICSF.
Table 1 provides more details about this migration action. Use this information to plan your changes to the system.
| Element or feature: | Communications Server. |
|---|---|
| When change was introduced: | z/OS V2R1 |
| Applies to migration from: | z/OS V1R13. |
| Timing: | Before the first IPL of z/OS V2R2. |
| Is the migration action required? | Yes, if the IKE daemon or the NSS daemon will be started. |
| Target system hardware requirements: | None. |
| Target system software requirements: | None. |
| Other system (coexistence or fallback) requirements: | None. |
| Restrictions: | None. |
| System impacts: | None. |
| Related IBM Health Checker for z/OS check: | None. |
Steps to take
If the CSFSERV class is active, give READ access to the user IDs associated with IKED and NSSD to the CSFIQF resource within the CSFSERV class.
Reference information
For more information, see "Steps for preparing to run IP security" in Appendix E in z/OS Communications Server: IP Configuration Guide.