Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Using import and export CP/SSCP KEK names z/OS Communications Server: SNA Network Implementation Guide SC27-3672-01 |
|
By using unique import and export KEKs, VTAM® may support other cryptographic products that implement CCA and provide you with a choice between ICSF and these other cryptographic products. VTAM appends a unique prefix and suffix to the CP/SSCP name that is used to reference import and export KEKs. To change the export and import KEKs in the CKDS of a host, you must also change these keys in the other host. Instead of bringing down sessions to change the master keys, you can force VTAM to temporarily use an alternate name that matches the new LU master key name. The user should update the LU master key in the CKDS at the CP/SSCP as soon as possible after being notified that the keys are changed. Note: For migration purposes, VTAM tries the CP/SSCP name again without the suffix if a request fails
because the KEK could not be found for the CP/SSCP name with the suffix.
This alleviates having to change the CKDS.
Follow these steps when using alternate KEK names for CPs and SSCPs:
|
Copyright IBM Corporation 1990, 2014
|