After the necessary external security manager authorization has
been defined (see Step 2: Authorizing the IKE daemon to the external security manager),
the IKE daemon can be started from an MVS™ procedure,
from the z/OS® shell, or using
the AUTOLOG statement.
- You can start the IKE daemon procedure from the MVS operator console. A sample start procedure
is provided in SEZAINST(IKED).
- You can start the IKE daemon from the z/OS shell by starting OMVS and then issuing
the iked command.
- You can use the AUTOLOG statement to start the IKE daemon automatically
during TCP/IP initialization by inserting the name of the IKE daemon
start procedure into the AUTOLOG statement in the PROFILE.TCPIP data
set:
      AUTOLOG
        IKED
      ENDAUTOLOG
Tips:
- When implementing multiple stacks enabled for IP security, adding
an AUTOLOG statement for the IKE daemon might not be optimal. If the
IKE daemon is listed in an AUTOLOG statement of a stack's profile,
the IKE daemon is cancelled if it is already running when that stack
starts. In a multiple IP security stack environment, this could disrupt
traffic on other IP security stacks. Use another method to automate
starting the IKE daemon when the system is IPLed, such as using the
COMMNDxx member of PARMLIB. For more information about the use and
configuration of the COMMNDxx member of PARMLIB, see z/OS MVS Initialization and Tuning Reference.
- If you start the IKE daemon from the z/OS shell and you stop the shell environment
from scrolling, then when the daemon needs to display data to the
shell it might stop and wait indefinitely for the shell to scroll
and make output buffer space available for the data.
When running from an MVS procedure, the environment variables can be
set using the STDENV DD statement in the IKE daemon procedure. For
information about the environment variables used by the IKE daemon,
see step 7 in Steps for configuring the IKE daemon.
The /var/ike/iked.pid file is a temporary pid file that the IKE daemon
creates. This file contains the process ID of the current invocation
of the IKE daemon.
Restrictions:
- If /var/ike/iked.pid is a symbolic link, it must have an owning
UID or GID that matches the EUID or EGID that is assigned to the IKE
daemon.
- If /var/ike/iked.pid is a hard link or the target of a hard link,
users that are outside the owner or group of the directory
in which /var/ike/iked.pid is stored cannot have write access
to the directory. Additionally, write access to /var/ike/iked.pid
must be limited to the owning UID or group, for example,
--w--w---- permissions.
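The two restrictions above can be checked from the shell before the daemon is started. The following script is an added example, not IBM-supplied code: the function names are hypothetical, the daemon's EUID and EGID are passed in by the caller, and it assumes that ls -ldn prints the mode, link count, numeric UID and numeric GID as POSIX specifies.

```sh
#!/bin/sh
# Added example (not IBM code): audit a pid file against the link restrictions.
# Assumes POSIX "ls -ldn" output: mode, link count, numeric UID, numeric GID.
# Only the base permission bits are examined; ACLs are not.

# Print mode, link count, UID and GID of the path itself (symlinks not followed).
pid_fields() { ls -ldn "$1" | awk '{print $1, $2, $3, $4}'; }

# Succeeds when the 9th mode character (write for "other") is set.
other_writable() { case $1 in ????????w*) return 0 ;; *) return 1 ;; esac; }

# check_iked_pid PATH DAEMON_EUID DAEMON_EGID -> 0 if compliant, 1 otherwise
check_iked_pid() {
    pidfile=$1 euid=$2 egid=$3 rc=0
    if [ ! -e "$pidfile" ] && [ ! -h "$pidfile" ]; then
        echo "OK: $pidfile does not exist"
        return 0
    fi
    set -- $(pid_fields "$pidfile")
    mode=$1 links=$2 uid=$3 gid=$4
    if [ -h "$pidfile" ]; then
        # Symbolic link: owning UID or GID must match the daemon's EUID or EGID.
        if [ "$uid" != "$euid" ] && [ "$gid" != "$egid" ]; then
            echo "FAIL: symbolic link owned by $uid:$gid, daemon runs as $euid:$egid"
            rc=1
        fi
    elif [ "$links" -gt 1 ]; then
        # Hard link: no write access for "other" on the directory or the file.
        dir=$(dirname "$pidfile")
        set -- $(pid_fields "$dir")
        if other_writable "$1"; then
            echo "FAIL: directory $dir ($1) is writable outside its owner and group"
            rc=1
        fi
        if other_writable "$mode"; then
            echo "FAIL: $pidfile ($mode) is writable outside its owner and group"
            rc=1
        fi
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $pidfile meets the link restrictions"; fi
    return "$rc"
}
```

Call it as check_iked_pid /var/ike/iked.pid followed by the numeric EUID and EGID assigned to the IKE daemon; a nonzero return code means at least one restriction is violated.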