Can you share a KEYRING in CA Top Secret with SMP/E Internet Service Retrieval?
Article ID: 126198
Updated On:
Products
Top Secret
Top Secret - LDAP
Issue/Introduction
Can you share KEYRINGs in CA Top Secret with IBM SMPE Internet Retrieval Service?
Can you share a keyring with a group instead of individual userids? And does the keyring always have to reference an individual userid, or can a generic id somehow be substituted?
Can you share a keyring with a group instead of individual userids? And does the keyring always have to reference an individual userid, or can a generic id somehow be substituted?
Environment
Release:
Component: TSSMVS
Component: TSSMVS
Resolution
Each keyring must be added each user. You cannot share a keyring.
For those users that will be running SMPE Internet Retrieval, they will need a keyring called 'SMPRING' added to their acid. And the appropriate certificates must be added to that users keyring.
You will need to do this for every acid that will be using SMPE Internet Retrieval.
Currently there is no way to assign a keyring to a group and then attach that group to each user that will use SMPE Internet Retrieval.
If an application like SMPE Internet Retrieval has the ability to user another user's keyring instead of the user's keyring that was signed on to the batch job, then all your user's can share that user's keyring.
Not all application's have the ability to share and use a different user's keyring. Please refer to the products manual to determine if it has this functionality.
To authorize a user to read another user's keyring, they must be authorized for:
TSS PER(acid) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(UPDATE)
For those users that will be running SMPE Internet Retrieval, they will need a keyring called 'SMPRING' added to their acid. And the appropriate certificates must be added to that users keyring.
You will need to do this for every acid that will be using SMPE Internet Retrieval.
Currently there is no way to assign a keyring to a group and then attach that group to each user that will use SMPE Internet Retrieval.
If an application like SMPE Internet Retrieval has the ability to user another user's keyring instead of the user's keyring that was signed on to the batch job, then all your user's can share that user's keyring.
Not all application's have the ability to share and use a different user's keyring. Please refer to the products manual to determine if it has this functionality.
To authorize a user to read another user's keyring, they must be authorized for:
TSS PER(acid) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(UPDATE)
Feedback
Yes
No
Powered by
