Accessing your key database file on UNIX

 

On UNIX, the key database file must be created using iKeyman, IKEYCMD, or GSKCapiCmd. Whichever of these tools you use, the access permissions for the new key database file are set to give access only to the user ID under which you ran the tool.

The key database file is accessed by an MCA, so ensure that the user ID under which the MCA runs has permission to read both the key database file and the password stash file. MCAs usually run under the mqm user ID, which is in the mqm group. After you have created your queue manager key database file, work with the same user ID to add read permission for the mqm group, using the UNIX chmod command. For example:

chmod g+r /var/mqm/qmgrs/QM1/ssl/key.kdb

chmod g+r /var/mqm/qmgrs/QM1/ssl/key.sth

When you set up the key database file for a WebSphere MQ client, consider working with the user ID under which you run the WebSphere MQ client. This allows you to restrict access to that single user ID. If you need to grant access to a user ID in the same group, use the UNIX chmod command. For example:

chmod g+r /var/mqm/ssl/key.kdb

chmod g+r /var/mqm/ssl/key.sth
Avoid giving permission to user IDs that are in different groups. For more information, refer to Protecting WebSphere MQ client key repositories.
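
The following script is an added example, not part of the original IBM documentation. It checks that a key database file and its stash file are readable by the expected group and not accessible to other users; the function names and the script name in the comment are hypothetical.

```shell
#!/bin/sh
# Added example, not IBM code. Checks a key database (.kdb) and stash (.sth)
# file against the guidance above. ACLs (a trailing "+" in ls output) are
# not evaluated.

# Print "<mode string> <group>" for a path, e.g. "-rw-r----- mqm".
file_mode_group() {
    ls -ld -- "$1" 2>/dev/null | awk '{print $1, $4}'
}

# check_key_file <path> <expected_group>: 0 if acceptable, 1 otherwise.
check_key_file() {
    path=$1; want_group=$2; rc=0
    [ -f "$path" ] || { echo "MISSING $path"; return 1; }
    set -- $(file_mode_group "$path")
    mode=$1; group=$2
    # g+r only helps the MCA if the file's group is the one it runs in.
    [ "$group" = "$want_group" ] ||
        { echo "GROUP   $path: group is $group, expected $want_group"; rc=1; }
    # Mode string layout: type, user rwx, group rwx, other rwx.
    case $mode in
        ????r*) ;;
        *) echo "NOREAD  $path: group cannot read ($mode)"; rc=1 ;;
    esac
    case $mode in
        ???????---*) ;;
        *) echo "OTHER   $path: other users have access ($mode)"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK      $path ($mode $group)"
    return "$rc"
}

# audit_key_files <group> <file>...: check every file, 0 only if all pass.
audit_key_files() {
    grp=$1; shift; status=0
    for kf in "$@"; do
        check_key_file "$kf" "$grp" || status=1
    done
    return "$status"
}

# Run as: sh check_keydb.sh mqm /var/mqm/qmgrs/QM1/ssl/key.kdb /var/mqm/qmgrs/QM1/ssl/key.sth
if [ "$#" -ge 2 ]; then audit_key_files "$@"; fi
```

A non-zero exit status means at least one file is missing, has the wrong group, lacks group read permission, or grants access to users outside the group.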

 
