|
What Happened to my i5/OS Crypto Access Provider?
Published: May 6, 2009
Hey, Joe:
My vendor wants me to install IBM licensed program 5722-AC3 (128-bit Cryptographic Access Provider). However, I can't find that product in my i5/OS V5R4 partition. I could have sworn it was there before we upgraded from version V5R3. What happened to 5722-AC3?
--Sam
With i5/OS V5R4, IBM made some changes to the way it manages encryption. After a V5R4 upgrade, you will notice that the following IBM licensed program products (LPP) are no longer available on your system:
- 5722-AC3--Cryptographic Access Provider--In earlier versions, this was referred to as the 128-bit Cryptographic Access Provider, because there also used to be a 56-bit Cryptographic Access Provider (5722-AC2) and a 40-bit Cryptographic Access Provider (5722-AC1). 5722-AC3 was removed in V5R4Mx, and its features were incorporated into some i5/OS base operating system options (5722-SS1) and a new licensed program product. All capabilities that were available in 5722-AC3 are still available in i5/OS V5R4, and most 5722-AC3 capabilities have become part of the base release of the operating system.
- 5722-CE3--Client Encryption--Like 5722-AC3, this product was also available in a 56-bit version (5722-CE2) and 40-bit version (5722-CE1). The 5722-CEx line of licensed program products were removed with V5R4Mx.
So which features went to which other products and operating system options? Here's a rundown of how 5722-AC3 and 5722-CE3 were absorbed into other IBM licensed program products.
- The base i5/OS operating system (5722-SS1) now provides all the cryptographic functions for Secure Sockets Layer (SSL) processing, Virtual Private Networks (VPN), Transport Layer Security (TLS), and most other cryptographic services and APIs that were previously provided in 5722-AC3. It's particularly important to have the CGA Cryptographic Service Provider (5722-SS1, option 35) installed in your operating system to take full advantage of all of i5/OS' cryptographic capabilities.
- In i5/OS V5R3, the Kerberos Network Authentication server shipped as part of 5722-AC3. In V5R4Mx, IBM split this function away from 5722-AC3 and started shipping it as its own licensed program product, Network Authentication Enablement (5722-NAE). So the Kerberos server is now its own LPP, but there's a trick as to whether or not 5722-NAE will automatically appear on your system after a V5R4Mx upgrade. Even though 5722-NAE is part of the standard set of products that are shipped with every V5R4Mx software release order, it may not have been automatically installed on your system during a V5R4Mx upgrade. Here are the rules for whether or not 5722-NAE was installed during your i5/OS V5R4Mx upgrade.
1. If you upgraded from an i5/OS V5R3 installation that had 5722-AC3 installed, then 5722-NAE will automatically be loaded onto your system. This is because the Kerberos server was shipped as part of 5722-AC3 in V5R3 and IBM included it as part of the V5R4 upgrade processing so that customers would not lose Kerberos processing with the upgrade.
1. If you upgraded from an i5/OS V5R2 system with 5722-AC3 to i5/OS V5R4, the upgrade will not automatically install the new 5722-NAE product. This is because the Kerberos server was not part of 5722-AC3 in i5/OS V5R2. As such, IBM does not automatically add it your system during a V5R2-to-V5R4Mx upgrade. So if you need Kerberos after this upgrade finishes, you'll have to load 5722-NAE yourself.
- To replace 5722-CE3 (Client Encryption) in V5R4Mx, IBM folded those functions into the base code of iSeries Access for Windows (5722-XE1).
To check whether these products are loaded on your system, enter the Work with Licensed Programs (GO LICPGM) menu and select option 10, Display Installed Licensed Programs. Inside option 10, press the F11 key twice to view the option numbers of each installed product. You can also run the Display Software Resources (DSPSFWRSC) command from the green screen to get a slightly different look at the same information.
If these programs aren't loaded onto your system, you can easily load them from the standard set of products that came with i5/OS V5R4Mx. 5722-SS1, option 35 can be found on the D29xx_02 standard set media, while 5722-NAE can be found on the D29xx_04 standard set media.
To install these options, insert the correct CD/DVD into your iSeries, System i, or Power i optical reader and go back to the Work with Licensed Programs (GO LICPGM) menu. Select option 11 (Install licensed programs). The Install Licensed Programs screen will show you a list of programs that are included in the standard and keyed media that were sent to you with the upgrade. Place a '1' (Install) in front of the LPP that you want to install and follow IBM's prompts. After the product or option is installed, be sure to apply any relevant PTFs to bring the product up to its most recent version.
--Joe
 Post this story to del.icio.us
 Post this story to Digg
 Post this story to Slashdot
|
|
Do you need area code information?
Do you need ZIP Code information?
Do you need ZIP+4 information?
Do you need city name information?
Do you need county information?
Do you need a nearest dealer locator system?
We can HELP! We have affordable AS/400 software and data to do all of the above. Whether you need a simple city name retrieval system or a sophisticated CASS postal coding system, we have it for you!
The ZIP/CITY system is based on 5-digit ZIP Codes. You can retrieve city names, state names, county names, area codes, time zones, latitude, longitude, and more just by knowing the ZIP Code. We supply information on all the latest area code changes. A nearest dealer locator function is also included. ZIP/CITY includes software, data, monthly updates, and unlimited support. The cost is $495 per year.
PER/ZIP4 is a sophisticated CASS certified postal coding system for assigning ZIP Codes, ZIP+4, carrier route, and delivery point codes. PER/ZIP4 also provides county names and FIPS codes. PER/ZIP4 can be used interactively, in batch, and with callable programs. PER/ZIP4 includes software, data, monthly updates, and unlimited support. The cost is $3,900 for the first year, and $1,950 for renewal.
Just call us and we'll arrange for 30 days FREE use of either
ZIP/CITY or PER/ZIP4.
WorksRight Software, Inc.
Phone: 601-856-8337
Fax: 601-856-9432
E-mail: software@worksright.com
Web site: www.worksright.com
|
Senior Technical Editor: Ted Holt
Technical Editor: Joe Hertvik
Contributing Technical Editors: Edwin Earley, Brian Kelly, Michael Sansoterra
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
|
IT Jungle Store Top Book Picks
Easy Steps to Internet Programming for AS/400, iSeries, and System i: List Price, $49.95
The iSeries Express Web Implementer's Guide: List Price, $49.95
The System i RPG & RPG IV Tutorial and Lab Exercises: List Price, $59.95
The System i Pocket RPG & RPG IV Guide: List Price, $69.95
The iSeries Pocket Database Guide: List Price, $59.00
The iSeries Pocket SQL Guide: List Price, $59.00
The iSeries Pocket Query Guide: List Price, $49.00
The iSeries Pocket WebFacing Primer: List Price, $39.00
Migrating to WebSphere Express for iSeries: List Price, $49.00
Getting Started With WebSphere Development Studio Client for iSeries: List Price, $89.00
Getting Started with WebSphere Express for iSeries: List Price, $49.00
Can the AS/400 Survive IBM?: List Price, $49.00
Chip Wars: List Price, $29.95
|
May 2, 2009: Volume 11, Number 18
April 25, 2009: Volume 11, Number 17
April 18, 2009: Volume 11, Number 16
April 11, 2009: Volume 11, Number 15
April 4, 2009: Volume 11, Number 14
March 28, 2009: Volume 11, Number 13
|
|
|
|
|
