Re: (GSKit) Access to the key database is not allowed

[Scott Klement <midrange-l@xxxxxxxxxxxxxxxx>]

Hi Doug,

Users need execute authority to directory objects.  You said you gave 
the users *RW access to the directories -- that won't work, because *RW 
only gives them read/write.  It doesn't give them execute.

Users need *RX access (or maybe *RWX) to all of these directories:

/QIBM
/QIBM/UserData
/QIBM/UserData/ICSS
/QIBM/UserData/ICSS/Cert
/QIBM/UserData/ICSS/Cert/Server

And they need *R access (or maybe *RW) to these files:

/QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB
/QIBM/UserData/ICSS/Cert/Server/DEFAULT.RDB

Since these last two are files, not directories, you don't need *X 
access to them.  But all of the directories need it.



On 10/26/2011 9:59 AM, Douglas Handy wrote:
> I am getting the error in the subject line when trying to use HTTPS
> via Scott's HTTP API library.  I realize this means the user does not
> have access to the *SYSTEM certificate store.  What I can't figure out
> is why.  The system is on V6R1.
>
> I have already done everything I can find in the archives such as here:
>
> http://archive.midrange.com/midrange-l/200711/msg01029.html
>
> and here:
>
> http://www.scottklement.com/archives/ftpapi/200509/msg00077.html
>
> In other words, I have set the *PUBLIC authority to *RW for every
> folder in this path:
>
>   /QIBM/UserData/ICSS/Cert/Server
>
> as well as the two DEFAULT.* files in the above folder.  Plus the
> steps in the ReadMe included with HTTPAPI to grant users permission to
> run SSL applications.
>
> Users with *ALLOBJ authority naturally have access but not others, and
> I can't find anything that will tell me what object(s) I still need to
> grant access to.
>
> Any suggestions?