I am having difficulty with the password envelope portion of the LDAP &
RACF configuration. I have created my keyring, created my certificates,
exported certificates... but when I attempt to test it by changing the
OPERATNS user's password (which should cause the password to be
enveloped), I get the following error in LDAPSRV's console:

IRRC130I SYSTEM SSL FUNCTION '2'X RETURNED ERROR CODE '3353009'X DURING
OPERATION NUMBER '4'X WHILE PROCESSING THE PASSWORD ENVELOPE FOR USER
OPERATNS.

The possible cause, according to IBM, is "The key database or the stash
file is not found." When I look at the BFS directory, I can see the
files, but I have to wonder if the permissions are correct:

Directory = '/'
User ID    Group Name  Permissions Type  Path name component
ldapsrv    DEFAULT     rwx r-- ---  D    'gdbm'
ldapsrv    DEFAULT     rwx r-- ---  D    'ldbm'
ldapsrv    DEFAULT     rwx r-- ---  D    'schema'
tcpmaint   DEFAULT     rw- --- ---  F    'IRR.PWENV.KEYRING'
tcpmaint   DEFAULT     rw- --- ---  F    'IRR.PWENV.KEYRING.rdb'
tcpmaint   DEFAULT     rw- --- ---  F    'IRR.PWENV.KEYRING.sth'
tcpmaint   DEFAULT     rw- r-- r--  F    'LDAPssl_VM5.b64'

It looks to me as though only TCPMAINT is able to read & write to the
keyring files.

Anyone have any ideas?

Thanks,
Dave
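
The permission listing above, evaluated for a given user as ordinary owner/group/other bits (an added example, not part of the original post). It assumes POSIX-style evaluation with no superuser override and that the LDAP server runs as user ldapsrv in group DEFAULT; the function names are hypothetical.

```python
import re

# Rows copied from the listing in the post (owner, group, permissions, type, name).
LISTING = """\
ldapsrv    DEFAULT     rwx r-- ---  D    'gdbm'
ldapsrv    DEFAULT     rwx r-- ---  D    'ldbm'
ldapsrv    DEFAULT     rwx r-- ---  D    'schema'
tcpmaint   DEFAULT     rw- --- ---  F    'IRR.PWENV.KEYRING'
tcpmaint   DEFAULT     rw- --- ---  F    'IRR.PWENV.KEYRING.rdb'
tcpmaint   DEFAULT     rw- --- ---  F    'IRR.PWENV.KEYRING.sth'
tcpmaint   DEFAULT     rw- r-- r--  F    'LDAPssl_VM5.b64'
"""

ROW = re.compile(
    r"^(\S+)\s+(\S+)\s+([r-][w-][x-])\s+([r-][w-][x-])\s+([r-][w-][x-])"
    r"\s+([DF])\s+'(.+)'$"
)

def parse_listing(text):
    """Turn each listing row into a dict; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            owner, group, u, g, o, kind, name = m.groups()
            entries.append({"owner": owner, "group": group,
                            "perms": (u, g, o), "type": kind, "name": name})
    return entries

def can(entry, user, groups, bit):
    """Assumed POSIX rule: the first matching class (owner, group, other) decides."""
    u, g, o = entry["perms"]
    if user == entry["owner"]:
        return bit in u
    if entry["group"] in groups:
        return bit in g
    return bit in o

def unreadable_for(entries, user, groups, prefix):
    """Names of files starting with `prefix` that `user` cannot read."""
    return [e["name"] for e in entries
            if e["type"] == "F" and e["name"].startswith(prefix)
            and not can(e, user, groups, "r")]

if __name__ == "__main__":
    rows = parse_listing(LISTING)
    for who in ("ldapsrv", "tcpmaint"):
        print(who, unreadable_for(rows, who, {"DEFAULT"}, "IRR.PWENV.KEYRING"))
```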
