KDS_KMS_SECURITY_COMPATMD
This parameter allows customization of the KMS_SECURITY_COMPATIBILITY_MODE parameter in a runtime environment's RKANPARU(KDSENV) member. Applicable only in Tivoli® Management Services V6.3.0 and higher.
- Required or optional
- Optional
- Location where the parameter value is stored
- KDSENV member of the &rhilev.&rte.RKANPARU library.
- Parameter name and syntax (See Description)
- KMS_SECURITY_COMPATIBILITY_MODE=&value
- Default value
Y- Permissible values
Y,N
- Description
- By default, command requests (Take Action commands, situation
actions, workflow policy actions, and so forth) are required to include
an encrypted security token. To assist in migration, a security compatibility
mode is provided. If compatibility mode is enabled (KMS_SECURITY_COMPATIBILITY_MODE=Y),
the monitoring server generates a default security token if the component
does not issue one and checking for encrypted command tokens is automatically
disabled. On z/OS®, compatibility mode is enabled by default. If compatibility mode is disabled, Integrated Cryptographic Service Facility encryption must be enabled for the component (monitoring server or monitoring agent) issuing the request.
- The ICSF started task must be running.
- The ICSF load library must be concatenated in the RKANMODL DD statement in the started task JCL of the z/OS monitoring server and z/OS monitoring agents.
- The KAES256 member that contains the encrypted private key must be present in the RKANPARU data set.
- Related parameters
- GBL_DSN_CSF_SCSFMOD0