z/OS Cryptographic Services ICSF Administrator's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Using the Duplicate Token Utility

z/OS Cryptographic Services ICSF Administrator's Guide
SA22-7521-17

There is no panel interface to this utility. The key data set must be specified as either a CKDS or a PKDS.

  1. Invoke the program as a batch job
  2. You must have READ authority to the CSFDUTIL resource in the CSFSERV class.

    To generate a report for a CKDS with the fully qualified data set name of ICSF.HCR7751.CKDS, use this JCL example:

    //DUTIL     EXEC PGM=CSFDUTIL
//SYSOUT    DD SYSOUT=*   
//SYSIN     DD *
  CKDSN(ICSF.HCR7751.CKDS)
/*
//

The supported option is either: 

CKDSN(fully-qualified-CKDS-name)

      or

PKDSN(fully-qualified-PKDS-name)

When you invoke the program as a batch job, you receive the return and reason code in a message when the job completes. The return codes are explained in Return and reason codes for the CSFDUTIL program.

The data set name is assumed to be fully-qualified.

Note: Prior to analyzing the current CKDS or PKDS, consider temporarily disallowing dynamic CKDS and PKDS update services. For more information, refer to "Steps for disallowing dynamic CKDS updates during KGUP updates". If the analysis is to be performed on a CKDS or PKDS which is shared by members of a sysplex, dynamic updates of the CKDS and PKDS should be disabled on all sysplex systems until the analysis job is complete.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014