Description: Starting in z/OS V2R1, the IKE daemon and the NSS daemon perform additional status queries to ICSF. If ICSF is active and the CSFSERV class is active, the userids associated with IKED and NSSD must have READ access to the CSFIQF resource of the CSFSERV class. This access will allow IKED and NSSD to query ICSF.
| Element or feature: | Communications Server. |
| When change was introduced: | z/OS V2R1 |
| Applies to migration from: | z/OS V1R13 and z/OS V1R12. |
| Timing: | Before the first IPL of z/OS V2R1. |
| Is the migration action required? | Yes, if the IKE daemon or the NSS daemon will be started. |
| Target system hardware requirements: | None. |
| Target system software requirements: | None. |
| Other system (coexistence or fallback) requirements: | None. |
| Restrictions: | None. |
| System impacts: | None. |
| Related IBM Health Checker for z/OS check: | None. |
Steps to take: If the CSFSERV class is active, give READ access to the userids associated with IKED and NSSD to the CSFIQF resource within the CSFSERV class.
Reference information: See "See "Steps for preparing to run IP security" in Appendix E in z/OS V2R1.0 Communications Server: IP Configuration Guide.