|
     |
To enable cryptographic hardware you need to enable the following CSFSERV
profiles for all client and server IDs in RACF:
RDEFINE CSFIQA CLASS(CSFSERV) UACC(NONE) RDEFINE CSF1TRC CLASS(CSFSERV) UACC(NONE) RDEFINE CSF1TRD CLASS(CSFSERV) UACC(NONE) RDEFINE CSF1SKE CLASS(CSFSERV) UACC(NONE) RDEFINE CSF1SKD CLASS(CSFSERV) UACC(NONE) RDEFINE CSFOWH CLASS(CSFSERV) UACC(NONE) PERMIT CSFIQA CLASS(CSFSERV) ID(*) ACCESS(READ) PERMIT CSF1TRC CLASS(CSFSERV) ID(*) ACCESS(READ) PERMIT CSF1TRD CLASS(CSFSERV) ID(*) ACCESS(READ) PERMIT CSF1SKE CLASS(CSFSERV) ID(*) ACCESS(READ) PERMIT CSF1SKD CLASS(CSFSERV) ID(*) ACCESS(READ) PERMIT CSFOWH CLASS(CSFSERV) ID(*) ACCESS(READ) SETROPTS CLASSACT(CSFSERV) SETROPTS RACLIST(CSFSERV) REFRESH
If possible, avoid defining the following SAF/RACF profile. Otherwise you must grant READ access to this profile for all client and server IDs:
CLASS(CRYPTOZ) CLEARKEY.SYSTOK-SESSION-ONLY
| |
Copyright 
2015 SSH Communications Security Corporation
This software is protected by international copyright laws. All rights reserved.
Contact Information