The commands used to authorize the IKE daemon to RACF® are in EZARACF in the SEZAINST data set.
Perform the following steps to authorize the IKE daemon to RACF:
ADDUSER IKED DFLTGRP(OMVSGRP) NOPASSWORD OMVS(UID(0) HOME('/'))
RDEFINE STARTED IKED.* STDATA(USER(IKED))
PERMIT BPX.DAEMON CLASS(FACILITY) ID(IKED) ACCESS(READ)
SETROPTS RACLIST(STARTED) REFRESH
SETROPTS GENERIC(STARTED) REFRESH

ADDGROUP IKE OMVS(GID(931))
ADDUSER IKED DFLTGRP(IKE) OMVS(UID(300) HOME('/var/ike/')) NOPASSWORD
CONNECT IKED GROUP(IKE) UACC(READ)
RDEFINE STARTED IKED.* STDATA(USER(IKED))
PERMIT BPX.DAEMON CLASS(FACILITY) ID(IKED) ACCESS(READ)
SETROPTS RACLIST(STARTED) REFRESH
SETROPTS GENERIC(STARTED) REFRESH

chmod 777 /var
mkdir /var/ike/
chown IKED /var/ike
chgrp IKE /var/ike
chmod 770 /var/ike
mkdir /var/sock/
chown 0 /var/sock
chmod 777 /var/sock

RDEFINE SERVAUTH EZB.PAGENT.sysname.*.IPSEC UACC(NONE)
PERMIT EZB.PAGENT.sysname.*.IPSEC CLASS(SERVAUTH) ID(IKED) ACCESS(READ)
SETROPTS RACLIST(SERVAUTH) REFRESH
SETROPTS GENERIC(SERVAUTH) REFRESH

RDEFINE FACILITY BPX.CONSOLE UACC(NONE)
PERMIT BPX.CONSOLE CLASS(FACILITY) ID(IKED) ACCESS(READ)
SETROPTS RACLIST(FACILITY) REFRESH

PERMIT SYS1.PARMLIB ID(IKED) ACCESS(READ)

RDEFINE FACILITY IRR.DIGTCERT.LISTRING UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.LIST UACC(NONE)
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(IKED) ACCESS(READ)
PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(IKED) ACCESS(READ)
SETROPTS RACLIST(FACILITY) REFRESH

RDEFINE FACILITY IRR.DIGTCERT.LISTRING UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.LIST UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.GENCERT UACC(NONE)
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(IKED) ACCESS(UPDATE)
PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(IKED) ACCESS(READ)
PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) ID(IKED) ACCESS(CONTROL)
SETROPTS RACLIST(FACILITY) REFRESH

PERMIT BPX.STOR.SWAP CLASS(FACILITY) ID(IKED) ACCESS(READ)
SETROPTS RACLIST(FACILITY) REFRESH
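An added check, not IBM's code or part of EZARACF, that compares the output of RLIST <class> <profile> AUTHUSER against the authorizations the commands above grant to IKED: every required profile present, UACC(NONE) kept, and IKED's access neither below what the daemon needs nor above what any step on this page grants. It assumes the RLIST column layout shown in the constructed sample and IKED as the daemon user ID.

```python
# Added example (not IBM's code): audit the IKED authorizations granted above against
# RLIST <class> <profile> AUTHUSER output. SAMPLE_RLIST is constructed by hand and kept
# to the lines the parser reads: class/profile, the LEVEL/UACC line, access-list rows.
import re
ACCESS_RANK = {"NONE": 0, "EXECUTE": 1, "READ": 2, "UPDATE": 3, "CONTROL": 4, "ALTER": 5}
LEVELS = "|".join(ACCESS_RANK)
REQUIRED = [  # (class, profile, minimum IKED needs, highest access any step on this page grants)
    ("FACILITY", "BPX.DAEMON", "READ", "READ"),
    ("SERVAUTH", "EZB.PAGENT.sysname.*.IPSEC", "READ", "READ"),  # sysname as on the page
    ("FACILITY", "BPX.CONSOLE", "READ", "READ"),
    ("FACILITY", "IRR.DIGTCERT.LISTRING", "READ", "UPDATE"),
    ("FACILITY", "IRR.DIGTCERT.LIST", "READ", "READ"),
    ("FACILITY", "BPX.STOR.SWAP", "READ", "READ"),
]

def parse_rlist(text):  # -> {(class, profile): {"uacc": str, "users": {user: access}}}
    profiles, cur = {}, None
    for line in text.splitlines():
        if (m := re.match(r"^([A-Z]+)\s+(\S+)\s*$", line)) and m[1] != "CLASS":
            cur = profiles.setdefault((m[1], m[2]), {"uacc": "NONE", "users": {}})
        elif cur and (m := re.match(rf"^\s*\d\d\s+\S+\s+({LEVELS})\b", line)):
            cur["uacc"] = m[1]                 # LEVEL  OWNER  UNIVERSAL ACCESS ... line
        elif cur and (m := re.match(rf"^\s+(\S+)\s+({LEVELS})\s+\d{{6}}\s*$", line)):
            cur["users"][m[1]] = m[2]          # USER  ACCESS  ACCESS COUNT row
    return profiles

def audit(rlist_text, user="IKED"):  # -> [(class, profile, problem)]; [] means compliant
    profiles, findings = parse_rlist(rlist_text), []
    for cls, prof, low, high in REQUIRED:
        entry = profiles.get((cls, prof))
        if entry is None:
            findings.append((cls, prof, "profile not defined"))
            continue
        if entry["uacc"] != "NONE":            # every RDEFINE above uses UACC(NONE)
            findings.append((cls, prof, f"UACC is {entry['uacc']}, expected NONE"))
        have = entry["users"].get(user, "NONE")
        if not ACCESS_RANK[low] <= ACCESS_RANK[have] <= ACCESS_RANK[high]:
            findings.append((cls, prof, f"{user} has {have}, expected {low} to {high}"))
    return findings
SAMPLE_RLIST = """\
FACILITY   BPX.DAEMON
 00    SYS1             NONE            NONE      NO
          IKED      READ        000000
FACILITY   BPX.CONSOLE
 00    SYS1             READ            NONE      NO
          IKED      READ        000000
FACILITY   IRR.DIGTCERT.LIST
 00    SYS1             NONE            NONE      NO
          IKED      ALTER       000000
"""
```

Run RLIST for each profile on the live system and pass the combined output to audit(); check the regular expressions against your system's actual RLIST column layout first, since that layout is an assumption here.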