Starting the IKE daemon

After the necessary external security manager authorization has been defined (see Step 2: Authorizing the IKE daemon to the external security manager), the IKE daemon can be started from an MVS™ procedure, from the z/OS® shell, or using the AUTOLOG statement.

You can start the IKE daemon procedure from the MVS operator console. A sample start procedure is provided in SEZAINST(IKED).
You can start the IKE daemon from the z/OS shell by starting OMVS and then issuing the iked command.
You can use the AUTOLOG statement to start the IKE daemon automatically during TCP/IP initialization by inserting the name of the IKE daemon start procedure into the AUTOLOG statement in the PROFILE.TCPIP data set:
```
AUTOLOG
  IKED
ENDAUTOLOG
```
Tips:
- When implementing multiple stacks enabled for IP security, adding an AUTOLOG statement for the IKE daemon might not be optimal. If the IKE daemon is listed in an AUTOLOG statement of a stack's profile, the IKE daemon is cancelled if it is already running when that stack starts. In a multiple IP security stack environment, this could disrupt traffic on other IP security stacks. Use another method to automate starting the IKE daemon when the system is IPLed, such as using the COMMNDxx member of PARMLIB. For more information about the use and configuration of the COMMNDxx member of PARMLIB, see z/OS MVS Initialization and Tuning Reference.
- If you start the IKE daemon from the z/OS shell and you stop the shell environment from scrolling, then when the daemon needs to display data to the shell it might stop and wait indefinitely for the shell to scroll and make output buffer space available for the data.

When running from an MVS procedure, the environment variables can be set using the STDENV DD statement in the IKE daemon procedure. For information concerning the environment variables used by IKE daemon, see step 7 in Steps for configuring the IKE daemon.

Start of change The /var/ike/iked.pid is a temporary IKE daemon pid file that the IKE daemon creates. This file contains the process ID of the current invocation of the IKE daemon. End of change

Restrictions: Start of change

If /var/ike/iked.pid is a symbolic link, it must have an owning UID or GID that matches the EUID or EGID that is assigned to the IKE daemon.
If /var/ike/iked.pid is a hard link or the target of a hard link, users that are outside the owner or group of the directory in which /var/ike/iked.pid is stored cannot have write access to the directory. Additionally, write access to /var/ike/iked.pid must be limited to the owning UID or group, for example, --w--w----permissions.