(GSKit) Access to the key database is not allowed (ssl_error 6003)
Posted: Tue Apr 02, 2024 11:07 pm
(GSKit) Access to the key database is not allowed (ssl_error 6003)
I've looked at other forum entries on this topic, and I have read the README accompanying HTTPAPI. However, I still have a specific issue I would like assistance with that's not making sense to me, unless there's more to it than the IFS folder/file permissions, such as *PGMR and Special Authorities.
Folder:
/ *PUBLIC *RX
QIBM *PUBLIC *RX
UserData *PUBLIC *RX
ICSS *PUBLIC *RX
Cert *PUBLIC *RX
Server *PUBLIC *EXCLUDE, QSYS *RWX, QLWISVR *RX, QTMHHTTP *RX
File:
DEFAULT.KDB *PUBLIC *EXCLUDE, QSYS *RW, QLWISVR *RX, QTMHHTTP *RX
DEFAULT.RDB *PUBLIC *EXCLUDE, QSYS *RW
This set up does not work for public (User Class *USER, Special Authorities *NONE). It gives the GSKit Access not allowed error as in Subject line.
However, this works fine for IT staff (User Class *PGMR, Special Authorities *ALLOBJ, *SERVICE). I assume it works because the IT staff has *ALLOBJ.
IT Management does not want to give *PUBLIC *RX to Server folder or *R to DEFAULT.* files.
Questions:
I've looked at other forum entries on this topic, and I have read the README accompanying HTTPAPI. However, I still have a specific issue I would like assistance with that's not making sense to me, unless there's more to it than the IFS folder/file permissions, such as *PGMR and Special Authorities.
Folder:
/ *PUBLIC *RX
QIBM *PUBLIC *RX
UserData *PUBLIC *RX
ICSS *PUBLIC *RX
Cert *PUBLIC *RX
Server *PUBLIC *EXCLUDE, QSYS *RWX, QLWISVR *RX, QTMHHTTP *RX
File:
DEFAULT.KDB *PUBLIC *EXCLUDE, QSYS *RW, QLWISVR *RX, QTMHHTTP *RX
DEFAULT.RDB *PUBLIC *EXCLUDE, QSYS *RW
This set up does not work for public (User Class *USER, Special Authorities *NONE). It gives the GSKit Access not allowed error as in Subject line.
However, this works fine for IT staff (User Class *PGMR, Special Authorities *ALLOBJ, *SERVICE). I assume it works because the IT staff has *ALLOBJ.
IT Management does not want to give *PUBLIC *RX to Server folder or *R to DEFAULT.* files.
Questions:
- Is this being overly secure?
- Is it required for *PUBLIC to have the authority regardless?
- If I use a program that executes HTTPAPI and I make its owner QPGMR, USRPRF *OWNER, USEADPAUT *YES and QPGMR has *ALLOBJ, will that solve the problem?
- If so, would this be a recommended solution or a horrible idea?
- If my solution is a horrible idea, what better solutions do you have?