Moving an access list between servers

You can move an access list from one TADDM server to another TADDM server.

You cannot move an access list either to or from a primary storage server or a secondary storage server.

To move an access list from one TADDM server to another, complete the following steps:

  1. Open a command-line window on the TADDM server that you want to move the access list from.
  2. From the $COLLATION_HOME/bin directory, use the following command to write the access list to an encrypted file:
    On Linux®, AIX®, and Linux on System z® operating systems:
    authconfig.sh -u $username -p $password -d -f $filename
    On Windows operating systems:
    authconfig.bat -u username -p password -d -f filename
  3. Copy the encrypted file created by the authconfig command and the TADDMSec.properties file from the $COLLATION_HOME/etc/ directory to the TADDM server that you want to move the access list to (the destination server). Ensure that you do not overwrite the existing TADDMSec.properties file on the destination server.
  4. On the TADDM server that you have moved the files to, from the $COLLATION_HOME/bin directory, use the following command:
    On Linux, AIX, and Linux on System z operating systems:
    authconfig.sh -u $username -p $password -m -f $filename -k $key_filename [-o] [-e $output_filename]
    On Windows operating systems:
    authconfig.bat -u username -p password -m -f filename -k key_filename [-o] [-e output_filename]
    where:
    -f filename
    This value specifies the name and location of the encrypted file that was created in step 2.
    -k key_filename
    This value specifies the name and location of the TADDMSec.properties file that you copied from the source TADDM server. The TADDMSec.properties file on the destination server cannot be used when moving an access list that was encrypted by the source server.
    Optional: -o
    The default action when moving an access list between servers is to merge the access list in the encrypted file with the access list on the destination server. The combined list is then saved to the database.

    To overwrite the current access list on the destination server with the access list in the encrypted file, add the -o option.

    Optional: -e output_filename
    If you do not want to immediately write the access list from the encrypted file to the database on the destination server, add the -e option. The -e option re-encrypts the access list to an output file using the encryption key of the destination server. You must specify a name for the re-encrypted file and a location for it on the destination server. This option does not save any access list entries from the encrypted file to the database on the destination server.
If you selected the -e option when moving access lists between servers, you can move the re-encrypted file to the database of the destination server at a later time. When moving the re-encrypted file to the database, use the following command, where filename is the name and location of the re-encrypted file:
On Linux, AIX, and Linux on System z operating systems:
authconfig.sh -u $username -p $password -m -f $filename [-o]
On Windows operating systems:
authconfig.bat -u username -p password -m -f filename [-o]

The -o option is optional and behaves exactly as outlined in the preceding procedure. Ensure that you omit the -k option. The TADDMSec.properties file on the remote server cannot be used to move the re-encrypted file to the database.
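
The following added example (not part of the product or its documentation) shows one way to handle steps 3 and 4 on a Linux destination server: it stages the copied files in a separate directory, refuses to stage into $COLLATION_HOME/etc so the destination's own TADDMSec.properties is never overwritten, and builds the step 4 command from the options described above. The function names, the staging directory, and the file permissions are assumptions.

```shell
#!/bin/sh
# Added example: stage the files copied from the source TADDM server (step 3)
# without touching the destination's $COLLATION_HOME/etc/TADDMSec.properties,
# then build the step 4 command line. Function names are hypothetical.

# stage_acl_files <incoming_dir> <encrypted_filename> <stage_dir> <collation_home>
# Returns 0 with both files in <stage_dir>; non-zero on any problem.
stage_acl_files() {
    incoming=$1; encfile=$2; stage=$3; chome=$4

    [ -f "$incoming/$encfile" ] || { echo "missing encrypted file" >&2; return 2; }
    [ -f "$incoming/TADDMSec.properties" ] || { echo "missing source key file" >&2; return 3; }

    mkdir -p "$stage" || return 4
    # Resolve both paths so a symlink or trailing slash cannot hide a collision.
    stage_real=$(cd "$stage" && pwd -P) || return 4
    etc_real=$(cd "$chome/etc" && pwd -P) || return 5
    if [ "$stage_real" = "$etc_real" ]; then
        echo "refusing to stage into $etc_real" >&2
        return 6
    fi

    # The key file decrypts the access list, so keep both files owner-only.
    chmod 700 "$stage_real"
    cp "$incoming/$encfile" "$incoming/TADDMSec.properties" "$stage_real/" || return 7
    chmod 600 "$stage_real/$encfile" "$stage_real/TADDMSec.properties"
}

# build_move_command <stage_dir> <encrypted_filename> [overwrite]
# Prints the step 4 command; credentials stay as the page's placeholders.
build_move_command() {
    cmd="authconfig.sh -u \$username -p \$password -m -f $1/$2 -k $1/TADDMSec.properties"
    [ "${3:-}" = "overwrite" ] && cmd="$cmd -o"
    printf '%s\n' "$cmd"
}
```

Run the printed command from the $COLLATION_HOME/bin directory, and delete the staged copy of the source server's TADDMSec.properties once the move has completed.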