Jim,
Did you enroll the ROOT, SSLSERV, and GSKSSLDB BFS filespaces in your
SFS server? Did you create the objects that go in those filespaces?
Take a look at your starter system to see what they should look like. I
did my z/VM 5.4.0 upgrade by rotating in a new sysres set, so all that
was done for me.
Dennis O'Brien
39,516
-----Original Message-----
From: The IBM z/VM Operating System [mailto:[email protected]] On
Behalf Of Jim Bohnsack
Sent: Friday, March 20, 2009 10:13
To: [email protected]
Subject: [IBMVM] BFS SSLSERV question
I have a dumb question and a long posting. Sorry. We have SSLSERV
working on our 2nd lvl z/VM 5.4 system, the one I loaded from the IBM
DDR. I always bring up a new release on a 2nd level id and then move
code piece by piece to our production systems. Almost everything is
moved, but I am up against a brick wall with SSLSERV. I think it is a
problem with BFS and my total lack of knowledge about BFS. I've never
used BFS, so I suspect that I'm just missing something very obvious to
anyone who knows anything at all about BFS.
The GSKADMIN and SSLSERV userid's are defined along with the RACF
SECURITY class as it was in the RACF db from IBM. GSKADMIN and SSLSERV
are connected to SECURITY. I've done the "rac alu sslserv ovm(uid(7))",
"rac alu gskadmin ovm(uid(6))", and "rac alg security ovm(gid(7))". The
directory entries for GSKADMIN and SSLSERV have the following POSIXINFO
entries, respectively:
POSIXINFO UID 6 GNAME security
POSIXINFO UID 7 GNAME security
Where I seem to be having a problem is in following the step by step
procedures in chapter 20 of TCP/IP Plng and Cust. Step 4B sends me to
Ch 15 of the TCPIP LDAP Admin. Guide. When I logon to GSKADMIN to use
GSKKYMAN to create a new database, I get the messages:
Profile..: Setting up BFS
environment...
Profile..: Determining what is currently
mounted...
Nothing is
mounted
Profile..: Mounting root file
system...
Profile..: Mounting GSKSSLDB file space at:
/etc/gskadm/
Object does not exist:
'/etc/gskadm/'
Profile--> Unexpected error from command: OPENVM MOUNT
/../VMBFS:VMSYS:GSKSSLDB/
/etc/gskadm/
Profile..: RC =
28
Ready; T=0.04/0.07 09:16:20
which I guess are reasonable because I haven't created the database yet.
GSKKYMAN gives me the database menu and my replies are as follows:
Enter key database name (press ENTER to return to menu):
/etc/gskADM/KeyDBT.kdb
Enter database password (press ENTER to return to menu):
Re-enter database password:
Enter password expiration in days (press ENTER for no expiration):
Enter database record length (press ENTER to use 5000):
Unable to create database /etc/gskADM/KeyDBT.kdb.
Status 0x0335303f - Database open failed.
Press ENTER to continue.
This is the point, above, where the results are different from doing
this on the 2nd lvl system from IBM.
DTCPARMS has the following :nick.SSL entry:
:nick.SSL :type.class
:name.SSL daemon
:command.VMSSL
:runtime.C
:diskwarn.YES
:Admin_ID_list.JAB282 MAB GSKADMIN
:memory.256M
:mixedcaseparms.YES
:mount. /../VMBFS:VMSYS:ROOT/ / ,
/../VMBFS:VMSYS:SSLSERV/ /tmp ,
/../VMBFS:VMSYS:GSKSSLDB/ /etc/gskadm
I'm sure that what is wrong to anyone who knows anything about BFS, but
that excludes me. I would appreciate any help.
Jim
--
Jim Bohnsack
Cornell University
(972) 596-6377 home/office
(972) 342-5823 cell
[email protected]
