I've been rereading the redbook we prepared last September, and I don't find any explicit text to this issue, even though I remember we discussed this a bit.

Being almost Unix illiterate, I wanted an "as much VM as possible" solution for the redbook audience and probably this is how I solved the authorisation problem:

    openvm owner /../VMBFS:VMSYSL:LDAPSRV/ = LDAPSRV

Something that sounds logical to me: LDAPSRV being the owner of all that's in the LDAPSRV file space.

For TCPMAINT I asked to set

    POSIXINFO fsroot /../VMBFS:VMSYS:ROOT/ UID 0 GNAME system

in the CP directory entry of TCPMAINT. So it can do anything in BFS, like creating the key ring for LDAPSRV. I guess I should have explained why.

2009/5/21 Dave Keeton <dave.kee...@state.or.us>:
> I am having difficulty with the password envelope portion of the LDAP & RACF
> configuration. I have created my keyring, created my certificates, exported
> certificates... but when I attempt to test it by changing the OPERATNS
> user's password (which should cause the password to be enveloped), I get the
> following error in LDAPSRV's console:
>
> IRRC130I SYSTEM SSL FUNCTION '2'X RETURNED ERROR CODE '3353009'X DURING
> OPERATION NUMBER '4'X WHILE PROCESSING THE PASSWORD ENVELOPE FOR USER
> OPERATNS.
>
> The possible cause, according to IBM, is "The key database or the stash file
> is not found." When I look at the BFS directory, I can see the files, but I
> have to wonder if the permissions are correct:
>
> Directory = '/'
> User ID  Group Name Permissions Type Path name component
> ldapsrv  DEFAULT    rwx r-- --- D    'gdbm'
> ldapsrv  DEFAULT    rwx r-- --- D    'ldbm'
> ldapsrv  DEFAULT    rwx r-- --- D    'schema'
> tcpmaint DEFAULT    rw- --- --- F    'IRR.PWENV.KEYRING'
> tcpmaint DEFAULT    rw- --- --- F    'IRR.PWENV.KEYRING.rdb'
> tcpmaint DEFAULT    rw- --- --- F    'IRR.PWENV.KEYRING.sth'
> tcpmaint DEFAULT    rw- r-- r-- F    'LDAPssl_VM5.b64'
>
> It looks to me as though only TCPMAINT is able to read & write to the
> keyring files.
>
> Anyone have any ideas?
>
> Thanks,
> Dave
>

--
Kris Buelens, IBM Belgium, VM customer support
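
Added example (not part of either message above, and not IBM code): a Python sketch that applies ordinary POSIX owner/group/other rules to the directory listing quoted in the thread, showing which keyring files LDAPSRV cannot read before and after ownership moves to LDAPSRV. The function names, the assumption that both users are in group DEFAULT, and the rule that UID 0 bypasses the check are assumptions of this example.

```python
import re

# Constructed from the listing quoted in the thread.
LISTING = """\
Directory = '/'
User ID  Group Name Permissions Type Path name component
ldapsrv  DEFAULT    rwx r-- --- D    'gdbm'
tcpmaint DEFAULT    rw- --- --- F    'IRR.PWENV.KEYRING'
tcpmaint DEFAULT    rw- --- --- F    'IRR.PWENV.KEYRING.rdb'
tcpmaint DEFAULT    rw- --- --- F    'IRR.PWENV.KEYRING.sth'
tcpmaint DEFAULT    rw- r-- r-- F    'LDAPssl_VM5.b64'
"""
TRIPLET = re.compile(r"^[r-][w-][x-]$")

def parse_listing(text):
    """Return one dict per entry; header and title lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 6)
        if len(parts) != 7 or not all(TRIPLET.match(p) for p in parts[2:5]):
            continue
        owner, group, u, g, o, ftype, name = parts
        rows.append({"owner": owner.lower(), "group": group,
                     "perms": (u, g, o), "type": ftype, "name": name.strip("'")})
    return rows

def can_read(row, user, groups=(), uid=None):
    """Assumed POSIX semantics: UID 0 bypasses; else the first matching class decides."""
    if uid == 0:
        return True
    u, g, o = row["perms"]
    if user.lower() == row["owner"]:
        return u[0] == "r"
    if row["group"] in groups:
        return g[0] == "r"
    return o[0] == "r"

def unreadable_keyring_files(rows, user, groups=(), uid=None):
    """Names of IRR.PWENV.KEYRING* files (key database, .rdb, .sth) the user cannot read."""
    return [r["name"] for r in rows
            if r["name"].startswith("IRR.PWENV.KEYRING")
            and not can_read(r, user, groups, uid)]

def with_owner(rows, new_owner):
    """Copy of rows with every entry owned by new_owner (models an ownership change)."""
    return [dict(r, owner=new_owner.lower()) for r in rows]

if __name__ == "__main__":
    rows = parse_listing(LISTING)
    print("before:", unreadable_keyring_files(rows, "LDAPSRV", ("DEFAULT",)))
    print("after: ", unreadable_keyring_files(with_owner(rows, "LDAPSRV"), "LDAPSRV"))
```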