ISO8859-1n-34:#o7 4#! 0E v # % +2 9>,x -69+epm\VI!FkUc=lYM rR!S"#o$"-%%&%'&((d)Y**3,^+>,,+,-P,.>-N/W-0M-1`.32w.3:/ 4]/G5]/6s07`0w8091_:1;2<q3 =3~>w3?4v@5A5B62C6D\7sE8Fr;Gz<%H<I+>%J?QK@L>@MANCODSP_EQQERKsS`KTUKU;LJV.LW#LXLYnNsZQ[T\U9]OV ^XZ_8Zz`\ae^9bI_cadbiedHfrfZg;hhk iljmk;o!lq]msBntovpxqHzer|s<~tu vwxyz+{W|C }O~Jx_DUsELi4-{Q\Sfp9c^NJAZSo |HA=$A1jOHf33 (Fw_Yb1Ôģmŏ;g9XơeW`RǸd epwNro&̺y[y&֠ay\9Y]3 -_  )k"D0_xJhl!OH%Z'3),E.w0b437X8+L82889`9=-9-9?9*::-:e.:-:;:t;,1;2;(<8 KC =D DL Da@Dx&DTEtG5eIqKNOekSFzTfX-[\G\p]d]x^v_) p_!`"b%#c$7d%f&h' i.(j;)-kV*!l+Un,nn-ok.p/Op0Rp1aqI2q3sa4*u^5cw6w7#x8x'9xD:-xa;Fx<Ax=Uy>jyn?/y@z AV{Bu{eC{Db|EC}F}^GHeI2JBKrbL WMA-NIoOPweQRxS`TU  VWXYZ|[\]0^_u`y'awbcdefghL‰ijşk~ǠlmˢnmoIup0пqrտsItuiv]w[Hx*ۤyaz1{$|e}S~k8ztB..wNU&!%: 8DE}jB.sqsYeg \n n 3n n n n 9 ^! / 7  "! >A `v &!@!b);r  G,AVk3!l!l%Mv(y/1/R/Y5<5j7I9P9 :} @+Jr|K *Rf\F~\d],^`&a/cdeLGh3i{kGlTmu}m9nHHppsay|b59D)AB3vT<X `5bqNcdi@c86RP&wWs[cMd  Z% MĀ v E uYV&pA-ͲZ;k[JBTflܲ `!*"P>#$n%A&aV'](V)Rm*+XM,-|>.w/30d1%234u;5|6|.7849S:&;;<1=K>J?+\@AB&CDEFYG/H,7IdJ KL  MNOPQR-Sb&TU VWx .X Yd!)Z!["L\"]#^$f_$`%a'b)Gc*<d9*e8*f3+6g7+jh+iS+j:,kv,Ml,m-Jn<-j3- /"8Q9:p&;W<~s={ > @ A CCA 8C3C-CHD Di>EiGFeFxHVH*Jw)KL`Np-P4P-Q4CQb-Q<Q`R$Vr$V V=V*W6WFClient or server must continue data exchange.2650-002 Caller provided incorrect arguments to %s.2650-003 Invalid security services or context token.2650-004 Unable to allocate memory.2650-005 Buffer has incorrect identifier or is corrupt.2650-006 Invalid mechanism code.2650-007 Invalid buffer or ACL entry version number.2650-008 A socket operation failed.2650-009 An ioctl operation failed (errno = %d).2650-010 Authentication error.2650-011 Network credentials error.2650-012 Delegated credentials error.2650-013 User information processing error.2650-014 Unable to obtain host name or ip address.2650-015 Unable to determine service name for target: %s.2650-016 Empty ACL submitted for processing.2650-017 Invalid ACL entry type.2650-018 Invalid privilege attributes buffer.The client initiates an unauthenticated context token.The client is forced by the server to be unauthenticated.2650-001 An error occurred in the MPM layer. mechanism code: 0x%1$x routine name: %2$s major status: 0x%3$x minor status: 0x%4$x 2650-019 An error occurred during processing of the configuration file or the configuration file does not exist.2650-020 The MPM file does not exist, does not have a valid format, or does not export all required routines.2650-021 The context token must be SEC_C_NO_TOKEN when SEC_F_P2P_CONTEXT flag is used.2650-022 Only authenticated context tokens can be used with this routine.2650-023 An internal error occurred. Please contact customer support.2650-024 The MPM must provide output data if the context needs more data to complete.2650-025 The MPM must provide output data if the other party's context needs more data to complete.2650-026 Cannot exceed the maximum CCDB sequence number (%s).2650-027 The sec_prepare_data and sec_process_data routines require a valid input buffer.2650-028 A mismatch in mechanism code occurred between the client and server.2650-029 An MPM's cannot return SEC_S_UNAUTHENTICATED on the server's side after the first round of data exchange.2650-030 The security runtime was instructed to not accept unauthenticated clients.2650-031 libct_sec Failure: incorrect parameters provided. Function name: %1$s Positional parameter number: %2$d Parameter value: 0x%3$x If this failure is encountered during the execution of the Cluster software trusted services, contact IBM Customer Support and report this incident. If this failure is encountered during the execution of other software, verify that the software is using this function correctly. 2650-032 libct_sec Memory allocation failure. Function name: %1$s Attempted allocation: %2$d bytes Most often, this failure occurs when a process exceeds its memory allocation limit. In rare cases, this failure occurs when a number of processes allocate huge amounts of memory and utilize all available memory on the system. Verify that the allocation itself is not exceeding its own limit. If a Cluster software trusted service is exceeding its limit, contact IBM Customer Support and report this incident. If another software application is exceeding its limit, examine the software for memory management problems and memory leaks. If the application is not exceeding its memory allocation limits, contact the system administrator and report this incident. System administrators should identify processes using excessive memory and consider terminating these processes. 2650-033 libct_sec Internal failure: duplicate identity entries in an access control entry list. The access control editing software permitted duplicate entries to be added, or the security library permitted the software to submit multiple entries for the same identity. The security library cannot make an arbitrary decision as to which entry is the valid entry when duplicates exist. If this failure is encountered during the execution of a Cluster software trusted service ACL editor, contact IBM Customer Support and report the incident. If the failure is encountered during the execution of other software, examine the software to ensure that multiple entries are not being provided in the access control entry list. 2650-034 libct_sec Internal failure detected. Function name: %1$s Return code from function: %2$d Routine calling the function: %3$s Contact IBM Customer Support and report this incident. 2650-035 libct_sec Advisory message: No access control entries were detected within the specified access control list for the mechanism request. Mechanism code used in request: 0x%1$x. Identity used in request: %2$s 2650-036 libct_sec Failure: Unsupported security mechanism code provided: Mechanism code: 0x%1$x If this failure is encountered during the execution of the Cluster software trusted services or their associated access control list editing software, contact IBM Customer Support and report this incident. If this failure is encountered during the execution of other software, verify that the software is providing a supported security mechanism code. 2650-037 libct_sec Failure: Unable to locate an entry within an access control list. The security library was searching for an entry which met these conditions: Security Mechanism code: 0x%1$x Identifier value: %2$s It is possible that an entry for this identifier and security mechanism was not created within the access control list. Verify and correct the security mechanism code and identifier information. 2650-038 libct_sec Failure: The access control list provided to this routine is either incorrect or corrupted. It is possible that the application has inadvertently overwritten the variable containing the address of the access control list, or the application may have inadvertently overwritten the memory used to store the access control list. Verify that the application is providing the correct address for the access control list to this routine. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertently modifying this memory. 2650-045 The key buffer does not contain a DES key.2650-046 An error occurred in the crypto module of libct_sec.a2650-047 The signature buffer is not valid.2650-048 The key provided does not match the key used to sign the input message.2650-049 The digest provided does not match the input message.2650-050 Unable to find or obtain information about the MPM file: %1$s (stat(): %2$d). 2650-051 Unable to load the MPM file: %1$s (dlopen(): %2$d) dlerror(): %3$s 2650-052 Unable to locate the MPM initialization routine: %1$s (dlsym(): %2$d) dlerror(): %3$s 2650-060 libct_sec: Incorrect parameters provided to %1$s. Positional parameter number: %2$d Parameter value: 0x%3$x 2650-061 libct_sec: Invalid security or identity context. 2650-062 libct_sec: The routine requires a security context instead of an identity context. 2650-063 libct_sec: The routine requires an identity context instead of a security context. 2650-064 libct_sec: The caller must provide %1$d bytes of memory in the second argument of sec_get_client_groups. 2650-065 libct_sec: The identity context provided does not contain the client's privilege set. 2650-066 libct_sec: One and only one of the SEC_F_IDCTX_SECCTX and SEC_F_IDCTX_CIDB must be specified by the caller of this routine. 2650-067 libct_sec: The mechanism specific security context data contains an authenticated identity of length 0. MPM code is %1$x. 2650-068 libct_sec: Internal Error: The security context does not contain any MPM info. This is an abnormal condition for an authenticated security context. 2650-069 libct_sec: At most one of the SEC_F_IDCTX_FORCE_MAP and SEC_F_IDCTX_NO_MAP can be specified by the caller of this routine. 2650-070 libct_sec: Unable to find an MPM that match the mechanism code %1$x in the CtSec's configuration file. 2650-071 libct_sec: Internal Error: mechanism specific data is missing from the (authenticated) security or identity context. 2650-072 libct_sec: Internal Error: client network name is missing from the identity context (mechanism code = %1$x). 2650-073 libct_sec: putenv() failed to set the CT_SEC_IMP_MECHS environment variable. The only reason for this failure is ENOMEM (Insufficient memory was available). 2650-074 libct_sec: Internal Error: The length of the environment variable %1$s exceeds the maximum allowed of 64 characters. 2650-075 libct_sec: Configuration Error: The length of the value for the environment variable %1$s exceeds the maximum allowed of 256 characters. 2650-076 libct_sec: Mechanism Error: The length of the MPM mnemonic %1$s is greater than the maximum length allowed by CtSec. 2650-077 libct_sec: Internal failure detected. Function name: %1$s Return code from function: %2$d Routine calling the function: %3$s Contact IBM Customer Support and report this incident. 2650-078 libct_sec: The security library is unable to initialize the data structures necessary to convert between the codeset used by this application and the UTF-8 data encoding format. This failure has occurred because resources needed by the cluster utilities are not available at this time. Try to run this application again at a later time. 2650-079 libct_sec: The security library is unable to translate a character string between the application codeset and the UTF-8 data the UTF-8 data encoding format. The character string contains bytes that are not valid in the application codeset. This failure can occur when codesets that do not fully support UTF-8 conversion are used by the execution environment. This failure can also occur if the character string memory is overwritten. Verify that the application uses a locale with a codeset that does support UTF-8 conversion, or contact the system administrator to have the default execution environment set to use such a locale. Also verify that the application is not accidentally overwriting the character string data. 2650-080 libct_sec: Mechanism mnemonic error: The MPM mnemonic %1$s is not a valid mnemonic of a configured MPM. 2650-081 The buffer in position %1$d in the vector provided is not valid: it contains a non-zero length and a NULL base. 2650-082 libct_sec: Context token error: sec_get_client_identity cannot generate a typed id buffer from an identity context. The caller of the routine must provide a security context in order to obtain a typed id buffer. If the application requires both the mapped identity and the typed identity buffer, then it should consider calling the routine twice with appropriate arguments. 2650-083 libct_sec: signature buffer error: the signature buffer provided by the caller to the sec_verify_data_v routine is not valid: either its length is 0 (zero) or its value is NULL. Please provide a signature buffer generated by either the sec_sign_data_v or the sec_process_data routines. 2650-084 libct_sec: configuration error: the MPM defined with mnemonic %1$s and code 0x%2$08x has the same priority as the MPM defined with mnemonic %3$s and code 0x%4$08x: %5$d 2650-085 libct_sec: configuration error: the MPM defined with mnemonic %1$s and code 0x%2$08x has the same mnemonic or code as the MPM defined with mnemonic %3$s and code 0x%4$08x. 2650-086 libct_sec: unauthentication warning: MAL was instructed by one of the MPMs to create an unauthenticated security context, but the current configuration does not allow it. The main reason for this condition is that the CT_SEC_IMP_MECHS environment variable for the process does not contain mechanism none. 2650-087 libct_sec: Identity context error: sec_create_id_context() is unable to generate an identity context token from the CIDB provided. The CIDB contains an identity that is usable only on the host where the CIDB was created and is ambiguous on the current host. Please ensure that the CIDB contains a network identity that is not ambiguous. Mechanism code: 0x%1$08x RSCT node ID (of host where CIDB was created): 0x%2$016llx 2650-088 libct_sec: The ACL buffer provided to the routine is not valid: either its length is zero or its value is NULL. Please provide a valid ACL to the routine. 2650-089 libct_sec: The client identified by the identity context provided does not have sufficient permission for the operation requested. The client's permission from the ACL provided is 0x%1$x and the permission required for the operation is 0x%2$x. Syntax: ctaclfck [-c] [-s] [-u ] [-v] -f or, for help: ctaclfck -h ctaclfck: Checks an ACL file for syntactical validity. Syntax: ctaclfck [-c] [-s] [-u ] [-v] -f or, for help: ctaclfck -h Options: -c Continues the checking until the end of the file, treating errors as warnings. The default behavior is to stop on the first error, however, by providing this flag, the routine will not attempt error recovery. -f This option specifies the name of the ACL file. If the ACL file name does not start with a leading '/', then it is treated as relative to the current directory. -h Displays this help message. -s This option instructs the command to compile the contents of the ACL file into an ACL buffer and save it in a cache ACL The cache ACL file will have the same name as the original ACL file, but with an added extension of ".cacl". The ownership and file permissions will be the same as the original ACL file. This option has no effect if specified with the '-u' option. -u This option specifies the name of the user who owns the ACL file. If this option is specified together with option '-s', the command displays a warning message and no cache ACL file will be produced. Also, when this option is specified, the ACL file must reside in the user's home directory. -v This option specifies the verbose mode in which case the command displays the entries in the ACL file. The ACL provided is not valid! ACL descriptor: %1$s byte(s) long Version: %2$d Byte Ordering: %3$d Number of sub-ACLs: %4$d %1$sSubacl: %2$s(length = %3$d byte(s); type = %4$d; mech = %5$s; ACLE count = %6$d) %1$stype = %2$c; mech = %3$s; id = %4$s; permission = %5$s %1$stype = %2$c; id = %3$s; permission = %4$s %1$stype = %2$c; permission = %3$s 2650-101 Failure: incorrect parameters provided. Function name: %1$s Positional parameter number: %2$d Parameter value: 0x%3$x If this failure is encountered during the execution of the Cluster software trusted services, contact IBM Customer Support and report this incident. If this failure is encountered during the execution of other software, verify that the software is using this function correctly. 2650-102 Failure: Memory allocation failure. Function name: %1$s Attempted allocation: %2$d bytes Most often, this failure occurs when a process exceeds its memory allocation limit. In rare cases, this failure occurs when a number of processes allocate huge amounts of memory and utilize all available memory on the system. Verify that the allocation itself is not exceeding its own limit. If a Cluster software trusted service is exceeding its limit, contact IBM Customer Support and report this incident. If another software application is exceeding its limit, examine the software for memory management problems and memory leaks. If the application is not exceeding its memory allocation limits, contact the system administrator and report this incident. System administrators should identify processes using excessive memory and consider terminating these processes. 2650-103 Failure: duplicate identity entries in an access control entry list. The access control editing software permitted duplicate entries to be added, or the security library permitted the software to submit multiple entries for the same identity. The security library cannot make an arbitrary decision as to which entry is the valid entry when duplicates exist. If this failure is encountered during the execution of a Cluster software trusted service ACL editor, contact IBM Customer Support and report the incident. If the failure is encountered during the execution of other software, examine the software to ensure that multiple entries are not being provided in the access control entry list. 2650-104 Internal failure detected. File name: %1$s Line number: %2$d Error code: %3$d Contact IBM Customer Support and report this incident. 2650-105 Advisory message: No access control entries were detected within the specified access control list for the mechanism request. Mechanism code used in request: 0x%1$x. Identity used in request: %2$s 2650-106 Failure: The access control list provided to this routine is either incorrect or corrupted. It is possible that the application has inadvertantly overwritten the variable containing the address of the access control list, ot the application may have inadvertantly overwritten the memory used to store the access control list. Verify that the application is providing the correct address for the access control list to this routine. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. 2650-107 Failure: The type of the access control entry (ACLE) provided to this routine (%1$d) is of a wrong or unknown type. This routine accepts only an ACLE of type 'user' or 'group'. It is possible that the application has inadvertantly overwritten the variable passed to the routine as the ACLE argument. Verify that the application is providing the correct type of ACLE to this routine. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. 2650-108 Failure: The access control entry (ACLE) provided to this routine does not have a valid mechanism mnomonic or identifier. An ACLE of type 'user' or 'expanded' must have both a valid mechanism mnemonic an a valid identifier. An ACLE of type of type 'group' must have a valid identifier. It is possible that the application has inadvertantly overwritten the variable passed to the routine as the ACLE argument. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. 2650-109 Failure: The access control (ACL) buffer provided to this routine does not appear to be a valid ACL buffer. It is possible that the application has inadvertantly overwritten the variable passed to the routine as the ACL argument. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. 2650-110 Failure: The access control (ACL) buffer provided to this routine appears to be corrupted. It is possible that the application has inadvertantly overwritten the value of the ACL buffer. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. (%1$s:%2$d) 2650-111 Failure: The access control list (ACL) buffer/file provided to this routine appears to be corrupted. In any ACL, there can be only one ACL entry (ACLE) of type 'unauthenticated' or 'anyother'. It is possible that the application has inadvertantly overwritten the value of the ACL buffer or that the ACL file is corrupted. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying the memory use for the ACL buffer. In case of an ACL file make sure that there is only one such entry in the file. 2650-112 Failure: A user access control entry (ACLE) with the specified typed identity (%1$s: %2$s) does not exist in the ACL. 2650-113 Failure: The buffer provided by the caller for the second argument is not a valid ACL buffer (type). It is possible that the application provided the wrong buffer to the routine or that it has inadvertantly overwritten the ACL buffer. Make sure that the application is providing the correct variable to the routine and perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. 2650-114 Failure: The ACL buffer provided by the caller for the second argument does not have a supported version. Valid ACL buffer versions are version 1. It is possible that the application provided the wrong ACL buffer to the routine or that it has inadvertantly overwritten the ACL buffer. Make sure that the application is providing the correct variable to the routine and perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. 2650-115 Failure: The ACL buffer provided by the caller for the second argument does not have the correct byte ordering for the machine. Please ensure that the application converts the ACL buffer to the machine's byte ordering by calling sec_convert_acl_tohost before providing the ACL buffer to this routine. It is also possible that the application has inadvertantly overwritten the ACL buffer. Make sure that the application converts the ACL buffer to the machine's byte ordering and perform memory leak and memory use verification tests on the application to ensure that it is not inadvertantly modifying this memory. 2650-116 Failure: The type of the access control entry (ACLE) provided to this routine (%1$d) is of a wrong or unknown type. Valid ACLE types are 'unauthenticated' (1), 'anyother' (2), 'user' (3), and 'group' (4). It is possible that the application has inadvertantly overwritten the variable passed to the routine as the ACLE argument. Verify that the application is providing the correct type of ACLE to this routine. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. 2650-117 Failure: The type of the access control entry (ACLE) provided to this routine (%1$d) requires either a valid mechanism mnemonic or an identifier, or both. It is possible that the application has inadvertantly overwritten the variable passed to the routine as the ACLE argument. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. 2650-118 Failure: The access control list (ACL) provided to the routine does not contain an access control list entry (ACLE) that matches the type (%1$d), the mechanism (%2$s), and the identifier (%3$s) of the ACLE provided. 2650-119 Failure: The access control list (ACL) provided is not valid. Its length (%1$d) is smaller than the size of an ACL buffer header. It is also possible that the application has inadvertantly overwritten the ACL buffer. Please perform memory leak and memory use verification tests on the application to ensure that it is not inadvertantly modifying this memory. (%2$s:%3$d) 2650-120 Failure: The type of access control list entries (ACLEs) in the current sub-ACL (%1$d) is of a wrong or unknown type. Valid ACLE types are 'unauthenticated' (1), 'anyother' (2), 'user' (3), and 'group' (4). It is possible that the application has inadvertantly overwritten the variable that contains the ACL buffer. Verify that the application is providing the correct type of ACLE to this routine. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. (%2$s:%3$d) 2650-121 Failure: The type of access control list entries (ACLEs) in the current sub-ACL (%1$d) should not contain any mechanism. It is possible that the application has inadvertantly overwritten the variable that contains the ACL buffer. Verify that the application is providing the correct type of ACLE to this routine. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. (%2$s:%3$d) 2650-122 Failure: An access control list (ACL) can have at most one entry of type 'unauthenticated' or 'anyother' each. It is possible that the application has inadvertantly overwritten the variable that contains the ACL buffer. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. (%1$s:%2$d) 2650-123 Failure: The access control list (ACL) provided contains a 'user' sub-ACL with an incorrect length for the mechanism mnemonic: %1$d. The length of the mechanism mnemonic must be greater than 1 and less or equal than 16 bytes. It is possible that the application has inadvertantly overwritten the variable that contains the ACL buffer. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. (%2$s:%3$d) 2650-124 Failure: The access control list (ACL) provided contains a 'user' sub-ACL with an incorrect mechanism mnemonic: %1$s. The length of the mechanism mnemonic must be greater than 1 and less or equal than 16 bytes. It is possible that the application has inadvertantly overwritten the variable that contains the ACL buffer. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. (%2$s:%3$d) 2650-125 Failure: The access control list (ACL) contains contains an access control list entry (ACLE) with a version that is not supported by the ACL library (%1$d). It is possible that the application has inadvertantly overwritten the variable that contains the ACL buffer. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. (%2$s:%3$d) 2650-126 Failure: The access control list (ACL) contains an access control list entry (ACLE) of type 'unauthenticated' or 'anyother' that has an identifier with length greater than zero (0). These types of ACLEs do not contain identifiers and the presence of an identifier in such and ACLE indicates a problem. It is possible that the application has inadvertantly overwritten the variable that contains the ACL buffer. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. (%2$s:%3$d) 2650-127 Failure: The access control list (ACL) contains an access control list entry (ACLE) of type 'user' or 'group' that has an incorrect identifier: the length of the identifier in the ACLE does not match the length of the identifier string. It is possible that the application has inadvertantly overwritten the variable that contains the ACL buffer. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. (%2$s:%3$d) 2650-128 Failure: The type of the access control entry (ACLE) provided to this routine (%1$d) is of a wrong or unknown type. This routine accepts only an ACLE types of 'unauthenticated', 'anyother', and 'user'. It is possible that the application has inadvertantly overwritten the variable passed to the routine as the ACLE type argument. Verify that the application is providing the correct type of ACLE to this routine. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. 2650-129 Failure: The type of the access control entry (ACLE) provided to this routine requires a valid mechanism mnemonic that is not NULL or empty string. It is possible that the application has inadvertantly overwritten the variable passed to the routine as the mechanism mnemonic argument. Verify that the application is providing the correct mechanism mnemonic to the routine. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. 2650-130 Failure: The type of the access control entry (ACLE) provided to this routine requires a valid identifier that is not NULL or empty string. It is possible that the application has inadvertantly overwritten the variable passed to the routine as the mechanism mnemonic argument. Verify that the application is providing the correct mechanism mnemonic to the routine. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying this memory. 2650-131 Internal failure: The ACL library is unable to lock/unlock the internal state data. This failure is unexpected an may occur because of a programming error or memory violation. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertantly modifying the memory use for the internal state. If there are no memory violation, contact IBM's Customer Service. (%1$s:%2$d, %3$d) 2650-132 Failure: The mechanism mnemonic provided to the routine for the first argument is not valid. It is either an empty string or its length is greater than the maximum allowed of 16 bytes. Please provide a valid mechanism mnemonic to the routine. 2650-133 Failure: The ACL file name provided is not valid. This routine requires a 'full path'ACL file name when no username is specified. Please provide the full path to the ACL file or a user name in whose home directory the ACL file resides. 2650-134 Failure: The username provided is not valid. A valid user name does not start with the NULL ('\0') character and is configured on the local host. Please provide a valid user name. 2650-135 Failure: The C/ACL file name provided (%1$s) is not valid. The ACL library is either unable to find such a file or the nfile is not a regular file. Please provide an ACL file name that exists on the filesystem and it is not of type block, special character or fifo. (stat(): errno = %2$d) 2650-136 Failure: The ACL file name provided (%1$s) is not valid in combination with the username provided (%2$s). When the caller provides a username to the routine, the ACL file must either have a full path name (i.e. it starts with a '/') or a simple name (i.e. it does not contain any '/'). Please provide a valid name for the ACL file. 2650-137 Failure: Unable to open the ACL file: %1$s. The following error was returned by the open() subroutine: %2$d. Please make sure that the ACL file name provided is valid and that the ACL file exists on the file system and is readable by the user identity of the process in which the caller of the routine is running. 2650-138 Failure: Unable to the lock or unlock the ACL file or the cached ACL file: %1$s. The following error was returned by the fcntl() subroutine: %2$d. Please make sure that the ACL file name provided is valid and it exists on the file system. 2650-139 Failure: An error occurred while reading the ACL file. The ACL library was able to read only %1$d bytes out of a total of %2$d bytes that represents the size of the file. The read routine returned the following errno: %3$d. Please check the ACL file for validity. 2650-140 Failure: The user provided to the routine (%1$s) cannot be found on this system. Please provide a valid user. 2650-141 Failure: The ACL file provided or its correspondent CACL file are not owned by the username provided by the caller, or their file permissions allow others than to owner to write to it, or the CACL file had different file permissions than the corresponding ACL file. ACL/CACL file name: %1$s User name: %2$s Please ensure the following statements are true: (1) the ACL and CACL files are owned by the user whose name is provided to the routine; (2) only the owner can write to it; and (3) the CACL file has the same file permissions as the corresponding ACL file. 2650-142 Failure: The ACL library is unable to initialize the data structures necessary to convert between the codeset used by this application and the UTF-8 data encoding format. This failure has occurred because resources needed by the cluster utilities are not available at this time. Try to run this application again at a later time. 2650-143 Failure: The ACL library is unable to translate a character string between the application codeset and the UTF-8 data the UTF-8 data encoding format. The character string contains bytes that are not valid in the application codeset. This failure can occur when codesets that do not fully support UTF-8 conversion are used by the execution environment. This failure can also occur if the character string memory is overwritten. Verify that the application uses a locale with a codeset that does support UTF-8 conversion, or contact the system administrator to have the default execution environment set to use such a locale. Also verify that the application is not accidentally overwriting the character string data. 2650-144 Failure: An error occurred while parsing the ACL file. It appears that the ACLE at line %1$d in the ACL file is corrupted or contains characters that are not understood by the ACL library. Please check the contents of the ACL file and make sure it conforms with the syntax and semantics defined in the RSCT Guide. 2650-145 Failure: An error occurred while parsing the ACL file. The mechanism mnemonic (%1$s) at line (%2$d) is not valid: it is longer than the maximum 16 characters allowed. Please edit the ACL file and provide a valid mechanism mnemonic. 2650-146 Failure: One of the characters in the ACLE's permission ('%1$c') does not correspond to a valid permission template. Please verify that the character representation of the permissions used corresponds to the permission template set used. 2650-147 Failure: The access control list (ACL) does not contain an entry (ACLE) that corresponds to the type (%1$d), and, possibly, the mechanism (%2$s) and the identifier (%3$s) provided. Make sure the ACL contains such an entry. 2650-148 Failure: The access control list (ACL) file name (%1$s) is longer or the same length as the the maximum allowed for a file name. This condition makes is impossible for the cached ACL (CACL) file to exist. The CACL file has the same name as the ACL file with the added extension of '.cacl'. In order to save the compiled ACL in a CACL file, please provide an ACL file name that has a length smaller than the maximum allowed on the system minus 6. 2650-149 Failure: The access control list (ACL) file (%1$s) and its corresponding cached ACL (CACL) file do not have the same ownership (user or group). Please change the ownership of the CACL file to be the same as the ownership of the ACL file. 2650-150 Failure: The access control list (ACL) file (%1$s) and its corresponding cached ACL (CACL) file do not have the same file permission . Please change the permission of the CACL file to be the same as the permission of the ACL file. 2650-151 Failure: Unable to open file (%1$s) for writing. Please verify that there is sufficient space on the file system. 2650-152 Failure: An error occurred while writing the compiled ACL to the caching file. The ACL library was able to write only %1$d bytes out of a total of %2$d bytes that represents the size of the compiled ACL. The write routine returned the following errno: %3$d. Please check whether there is sufficient space on the file system. 2650-153 Failure: An error occurred while trying to truncate the existing cached ACL file to the new size (%1$d). Please contact IBM's Customer Service. 2650-154 Failure: An error occurred while trying to set the ownership of the cached ACL (CACL) file (%1$s) to user id %2$s and group id %3$d. Make sure that the process calling this routine is running as root. 2650-155 Failure: An error occurred while trying to set the file permission of the cached ACL (CACL) file (%1$s) to 0x%2$x. Make sure that the process calling this routine has sufficient authority to change the file permission on the CACL file. 2650-156 Failure: Timeout occured when trying to lock the C/ACL file (%1$s). The reason for the time out may be because the file is being locked by another process for more than 2 seconds. Make sure that there is no other process locking the file for more than 2 seconds. 2650-157 Failure: Duplicate entries in the ACL. The ACL already contains an entry with identical type and/or mechanism mnemonic and/or identity. ACLE type: %1$c; mechanism: %2$s; identity: %3$s. Please make sure that all ACL entries in the ACL file or in the ACL buffer are unique. 2650-158 Failure: The ACL entry at line %1$d in the ACL file is longer than the maximum allowed of 1096 characters, including the end of line character. Make sure that the ACL file does not contain any line longer than 1024 characters. 2650-160 Failure: The following option was specified more than once: %1$s Please verify that the command was issued correctly. 2650-161 Failure: The command detected an incorrect option or a missing option argument. Please verify that the command was issued correctly. 2650-162 Failure: The command requires the '-f' option specifying the name of the ACL file that needs to be verified syntactically. Please verify that the command was issued correctly. 2650-163 Warning: The command option '-S' has not been implemented yet. This option instructs the command to stream the input ACL file and it is suitable for large ACL files. 2650-164 Warning: The '-s' option is ignored because the command was invoked with the '-u' option. 2650-165 Failure: The ACL file name provided (%1$s) is not valid in combination with providing a user name (%2$s). When a username is provided to the command, the file name must not contain any path, absolute or relative, and the file must reside in the user's home directory. Provide an ACL file that resides in the specified user's home directory. 2650-166 Failure: Unable to determine the current working directory! (routine: %1$s; errno: %2$d) Please report this condition to the system administrator. 2650-167 Failure: The path to the current working directory is too long for the name of the ACL file. Current working directory: %1$s ACL file name: %2$s Please provide a valid ACL file name and, if the problem persist, report this condition to the system administrator. 2650-168 Failure: The ACL file name constructed from the options provided (%1$s) is incorrect. The command is either unable to find such a file or the file is not a regular file. Please provide an ACL file name that exists on the filesystem and it is not of type block, special character or fifo. (stat(): errno = %2$d) 2650-169 Failure: The ACL file provided (%1$s) is not owned by the username (%2$s) provided by the invoker, or the ACL file permissions allow others than to owner to write to it. Please ensure the following are true: (1) the ACL file is owned by the user whose name is provided to the routine; and (2) that only the owner can write to it. 2650-170 Failure: Unable to open the ACL file: %1$s. The following error was returned by the open() subroutine: %2$d. Please make sure that the ACL file name provided is valid and it exists on the file system, and that the invoker of the command has permission to read the ACL file. 2650-171 ctaclfck: The ACL file (%1$s) is empty! Please invoke the command with an ACL file that is not empty. 2650-172 Failure: An error occurred while parsing the ACL file. It appears that the ACLE at line %1$d in the ACL file is missing one or more tokens. Please check the contents of the ACL file and make sure it conforms with the syntax and semantics defined in the RSCT Guide. 2650-173 Failure: An error occurred while parsing the ACL file. It appears that the ACLE at line %1$d in the ACL file has more tokens than expected. Please check the contents of the ACL file and make sure it conforms with the syntax and semantics defined in the RSCT Guide. 2650-174 Failure: Duplicate 'anyother' or 'unauthenticated' entries in the ACL. The ACL already contains an entry with identical type. ACLE type: %1$c. Please make sure that all ACL entries in the ACL file or in the ACL buffer are unique. 2650-175 Failure: Duplicate 'group' entries in ACL. The ACL already contains a group with an identical identifier. ACLE type: %1$c; ACLE identifier: %2$s. Please make sure that all ACL entries in the ACL file or in the ACL buffer are unique. 2650-176 Warning: Unable to cache the contents of the compiled ACL file because of previously encountered errors. Please correct all errors in the ACL file before the caching can succedd. 2650-177 Failure: Unable to rename the temporary ACL cache file to its permanent name. Temporary CACL file: %1$s Permanent CACL file: %2$s Check whether the full directory path exists and it is writable by the user id of the application's process. 2650-178 Failure: One of the bits in the ACLE's bit-mask permission (0x%1$08x) does not correspond to a valid permission template. Please verify that the bit-mask representation of the permissions used corresponds to the permission template set used. 2650-179 Failure: An error occurred while parsing the ACL file. It appears that the ACLE at line %1$d in the ACL file does not have a valid ACLE type (%2$s). A valid ACLE type is one of the following characters: 'n'/'N' for unauthenticated ACLE; 'o'/'O' for any-other ACLE; 'u'/'U' for user ACLEs; 'e'/'E' for expanded ACLEs; and 'g'/'G' for group ACLEs. Please check the contents of the ACL file and make sure it conforms with the syntax and semantics defined in the RSCT Guide. 2650-180 Failure: An error occurred while parsing the ACL file. It appears that the ACLE at line %1$d in the ACL file does not have a valid permission set (%2$s). Please verify that the character representation of the permissions used corresponds to the permission template set used. ctmsskf: Displays and manages the contents of a CtSec message security service (libct_mss) typed key file. Syntax: ctmsskf { -a | -d | -h | -l } [-f keyfilename] [-k keyvalue] [-t keytype] [-v keyversion] Options: -a Adds a key to a key file. The '-f', '-t', and '-v' options must also be specified. -d Deletes a key from a key file. The '-f' and '-v' options must also be specified. When used with the '-t' option, the key is removed only if the file contains keys of this specified type. -f Used with the '-a', '-d', and '-l' options. This option provides the path name of a key file. This file must be a valid libct_mss formatted typed key file, created either by a libct_mss application or the 'ctmsskf' command. -h Displays a help message for this command. -k Used with the '-a' option. This option provides the key value to be used for the new key being added to a key file. The key value is specified in hexidecimal representation, and must be expressed as a full-byte value. (ex: '-k 4fed8709d2ee42b740'). -l Displays the contents of a key file. The '-f' option must also be specified. When the '-v' option is also specified, only the key with the matching version number is displayed. -t Used with the '-a' and '-d' options. This option specifies the key type when adding or deleting a key from a file. The valid key types are: des_cbc des_md5 3des_md5 aes256_md5 rsa512_sha rsa1024_sha -v Used with the '-a', '-d', and '-l' options. This option specifies the version of the key to be added, deleted, or displayed. Key Type Name: %1$s %1$s formatted message digests %2$s encryption of digests Key Type Name: Unknown - possibly created by newer version of the ctmsskf command or the libct_mss library. Key Version Number: %1$d Key Value Length: %1$d ================================================== -------------------------------------------------- Key File Path Name: %1$s Number of keys in file: %1$d Active Key Version: %1$d Key Value: 2650-500 libct_mss: Incorrect parameters provided to %1$s. Positional parameter number: %2$d Parameter value: 0x%3$x 2650-501 libct_mss: Memory allocation failure in %1$s. Attempted allocation: %2$d bytes 2650-502 libct_mss: The system cannot create the MSS pseudo random number generator pthread key. 2650-503 libct_mss: The system was unable to allocate sufficient memory to associate pthread data with the PRNG's pthread key. 2650-504 libct_mss: An internal error occurred when the program attempted to associate pthread specific data with the PRNG's pthread key. 2650-505 libct_mss: The encryption module required by this type of key (%1$s) failed a previous loading attempt. It is possible that the encryption module does not exist, does not export the appropriate interface, or is corrupted. 2650-506 libct_mss: An internal error occured in the MSS library (file: %1$S, line: %2$d, condition: %3$s). 2650-507 libct_mss: Unable to find encryption module %1$s. 2650-508 libct_mss: Unable to load the encryption module file: %1$s (dlopen(): %2$d) dlerror(): %3$s 2650-509 libct_mss: The encryption module %1$s does not export the standard interface. 2650-510 libct_mss: The key provided does not have a supported type (0x%1$08x) or is mal-formatted. 2650-511 libct_mss: The signature provided is not valid: length: %1$d, value: 0x%$08x 2650-512 libct_mss: The signature provided does not verify the message provided. 2650-513 libct_mss: The key type provided (0x%1$x) is not supported in the current implementation. 2650-514 libct_mss: The key type provided (0x%1$x) is not supported by the MSS crypto module: %2$s. 2650-515 libct_mss: The input buffer provided to the cryptographic routine is greater than the maximum allowed (%1$d). 2650-516 libct_mss: The input buffer provided to the typed key unmarshaling routine is smaller than the minimum size allowed for a typed key (length of buffer data = %1$d). 2650-517 libct_mss: The input buffer provided to the typed key unmarshaling routine is not valid (%1$d:0x%2$08x). 2650-518 libct_mss: The length of the signature buffer provided to the signing routine is smaller than the required size(length of buffer data = %1$d). 2650-525 libct_mss Failure: The specified typed key file does not exist. Verify that the name provided to this routine is correct. If the file name is correct, the file may have been removed from the system. Consider recreating the file, and monitor the file to detect if the file is being accidentally or intentionally removed by other applications or system users. Failing routine name: %1$s Key file name as provided: %2$s 2650-526 libct_mss Failure: The specified typed key file cannot be accessed by this process. The permissions on the file do not permit the user of this process to access the file. Verify that the file path name provided to this routine is correct. If the correct file path name was provided, the process may not have been invoked by the correct user. Verify that the process is being started by the correct system user, and that the user has sufficient permission to access the file. Failing routine name: %1$s Key file name as provided: %2$s 2650-527 libct_mss Memory allocation failure in %1$s. Function name: %1$s Attempted allocation: %2$d bytes Most often, this failure occurs when a process exceeds its memory allocation limit. In rare cases, this failure occurs when a number of processes allocate huge amounts of memory and utilize all available memory on the system. Verify that the allocation itself is not exceeding its own limit. If a Cluster software trusted service is exceeding its limit, contact IBM Customer Support and report this incident. If another software application is exceeding its limit, examine the software for memory management problems and memory leaks. If the application is not exceeding its memory allocation limits, contact the system administrator and report this incident. System administrators should identify processes using excessive memory and consider terminating these processes. 2650-528 libct_mss Internal failure detected in %1$s. Function name: %1$s Return code from function: %2$d Routine calling the function: %3$s Contact IBM Customer Support and report this incident. 2650-529 libct_mss Failure: This routine was not able to lock the specified typed key file for exclusive use within a reasonable period of time. Another process has exclusive use of the file. Retry this request at a later time. If the condition persists, examine the system for other processes that may be attempting to examine or modify the same typed key file. A process making use of the same typed key file may have become suspended and may need to be forceably shut down. If this file is not in use by another process and the condition persists, consider removing and recreating the key file, but be aware that removing this key file may cause other applications that attempt to use the same typed key file to fail while the file is being recreated and redistributed to the nodes within the cluster that require it. Failing routine name: %1$s Key file name as provided: %2$s 2650-530 libct_mss Failure: The typed key file provided to this routine is either corrupted, or was created by a later version of the libct_mss library than the one currently installed on this system. This problem will prevent the libct_mss library from properly authenticating or deciphering incoming messages from other hosts within the cluster. Contact the system administrator and report this problem. Failing routine name: %1$s Key file name as provided: %2$s Corruption can occur if attempts are made to modify this binary file using a text editor or other unsupported file access tool. System administrators should verify that all nodes within the cluster are using the same version of the libct_mss library, or that the typed key file was created using the oldest version of the libct_mss library available within the cluster. Shut down all cluster trusted services that make use of the key stored within this file, regenerate the typed key, and redistribute the typed key to all nodes within the cluster. Once the key is redistributed, the cluster trusted services may be restarted. Monitor this file to ensure that no other applications or users are erroneously accessing and modifying this file. 2650-531 libct_mss Failure: The named typed key file does not contain any keys. Other applications or privileged system users may have deleted the last key from this file, and may be in the process of creating a new key. Failing routine name: %1$s Key file name as provided: %2$s Try this function again at a later time. If this condition persists, report the failure to the system administrator, and verify that the keys have not been explicitly deleted from this file to prevent applications from running. If system administrators have not purposely removed the keys from this file, a new key needs to be generated. Shut down all cluster trusted services that make use of the key stored within this file, regenerate the typed key, and redistribute the typed key to those nodes within the cluster that require it. Once the key is redistributed, the cluster trusted services may be restarted. Monitor this file to ensure that no other applications or users are erroneously accessing and modifying this file. 2650-532 libct_mss Failure: The named typed key file does not contain a key with the version requested by this application. Other applications or privileged system users may have deleted this version of the key from this file, the requested version of the key may not be known to this node, or the requested version of the key may be obsolete. Failing routine name: %1$s Key file name as provided: %2$s Key version requested: %3$d This process may be requesting an incorrect key version. Verify that the process is requesting the correct version of the key, instead of an obsolete version of the key. If the process is requesting the proper version, the system may have an obsolete version of the key file that does not contain recent updates made by other systems within the cluster. For this type of failure, the process should wait and attempt the same function again at a later time. If this failure condition persists, report this failure to the system administrator. System administrators should verify that the key version requested is a valid version, and if so, update the named key file to contain this version of the key. 2650-533 libct_mss Failure: The routine attempted to record a typed key to a key file, using a version that is already used by an existing key in the file. Failing routine name: %1$s Key file name as provided: %2$s Key version specified: %3$d This process may be requesting an incorrect key version. Verify that the process is requesting the correct version of the key, instead of an active version of the key. If the process is requesting the proper version, the system may have an obsolete version of the key file that does not contain recent updates made by other systems within the cluster. For this type of failure, the process should wait and attempt the same function again at a later time. If this failure condition persists, report this failure to the system administrator. System administrators should verify that the key version requested is a valid version, and if so, update the named key file to remove this version of the key. 2650-534 libct_mss Failure: The routine attempted to record a typed key to a key file, using a type that is different than the type currently in use by the file. Failing routine name: %1$s Key file name as provided: %2$s Key type specified: %3$x This process may be requesting an incorrect key type. Verify that the process is requesting the correct type of key. If the process is requesting the proper key type, the system may have an obsolete version of the key file that does not contain recent updates made by other systems within the cluster. For this type of failure, the process should wait and attempt the same function again at a later time. If this failure condition persists, report this failure to the system administrator. System administrators should verify that the key type requested is the appropriate key type for this file, and if so, replace this key file with a file containing the correct type of keys. 2650-535 libct_mss Failure: The routine attempted to remove a typed key from a key file, using a type that is different than the type currently in use by the file. Failing routine name: %1$s Key file name as provided: %2$s Key type specified: %3$x This process may be requesting an incorrect key type. Verify that the process is requesting the correct type of key. If the process is requesting the proper key type, the system may have an obsolete version of the key file that does not contain recent updates made by other systems within the cluster. For this type of failure, the process should wait and attempt the same function again at a later time. If this failure condition persists, report this failure to the system administrator. System administrators should verify that the key type requested is the appropriate key type for this file, and if so, replace this key file with a file containing the correct type of keys. 2650-536 libct_mss Failure: The routine attempted to delete a typed key from a key file, using a version that is not used by an existing key in the file. Failing routine name: %1$s Key file name as provided: %2$s Key version specified: %3$d This process may be requesting an incorrect key version. Verify that the process is requesting the correct version of the key, instead of an obsolete version of the key. If the process is requesting the proper version, the system may have an obsolete version of the key file that does not contain recent updates made by other systems within the cluster. For this type of failure, the process should wait and attempt the same function again at a later time. If this failure condition persists, report this failure to the system administrator. System administrators should verify that the key version requested is a valid version, and if so, check the key file to ensure that all needed versions of the key exist in this file. 2650-537 libct_mss Failure: The routine attempted to delete the currently active key from a typed key file. Failing routine name: %1$s Key file name as provided: %2$s Key version specified: %3$d This process may be requesting an incorrect key version. Verify that the process is requesting the correct version of the key, instead of the active version of the key. If the process is requesting the proper version, the system may have an obsolete version of the key file that does not contain recent updates made by other systems within the cluster. For this type of failure, the process should wait and attempt the same function again at a later time. If this failure condition persists, report this failure to the system administrator. System administrators should verify that the key version requested is a valid version, and if so, check the key file to ensure that all needed versions of the key exist in this file. 2650-538 libct_mss Failure: The local host's public key file cannot be accessed by this process. The permissions on the file do not permit the user of this process to access the file. This process may not have been invoked by the correct user. Verify that the process is being started by the correct system user, and that the user has sufficient permission to access the file. Failing routine name: %1$s 2650-539 libct_mss Failure: The local host's public key file cannot be opened by this process. The public key file either does not exist, or the contents of the public key file are corrupted. Report this problem to the system administrator. System administrators should consider recreating the public key file on the local node, and redistributing the new public key to all nodes within the cluster that will attempt to authenticate to the local node. During the recreation and redistribution process, any processes on remote nodes attempting to authenticate to trusted services on the local node may fail the authentication attempt while the new public key is being recreated and redistributed. Failing routine name: %1$s 2650-540 libct_mss Failure: This routine was not able to lock the public key file on the local host for exclusive use within a reasonable period of time. Another process has exclusive use of the file. Retry this request at a later time. If the condition persists, examine the system for other processes that may be attempting to examine or modify the public key file. A process making use of the public key file may have become suspended and may need to be forceably shut down. If this file is not in use by another process and the condition persists, contact the system administrator and report this problem. System administrators can consider shutting down the ctcasd daemon on the local node, removing the public key file, and restarting the ctcasd daemon to recreate the file. After the file is recreated, the public key recorded in this file must be placed in the trusted host list on this node and any remote node that may attempt to authenticate with services executing on this node. Be aware that modifying the public key on the local host will cause other applications that attempt to use the same typed key file to fail while the file is being recreated and redistributed to the nodes within the cluster that require it. Failing routine name: %1$s 2650-541 libct_mss Failure: The local host's private key file cannot be accessed by this process. The permissions on the file do not permit the user of this process to access the file. This process may not have been invoked by the correct user. Verify that the process is being started by the correct system user, and that the user has sufficient permission to access the file. Failing routine name: %1$s 2650-542 libct_mss Failure: The local host's private key file cannot be opened by this process. The private key file either does not exist, or the contents of the public key file are corrupted. Report this problem to the system administrator. System administrators should consider recreating the private key file on the local node, and redistributing a new public key to all nodes within the cluster that will attempt to authenticate to the local node. During the recreation and redistribution process, any processes on remote nodes attempting to authenticate to trusted services on the local node may fail the authentication attempt while the new keys are being recreated and redistributed. Failing routine name: %1$s 2650-543 libct_mss Failure: This routine was not able to lock the private key file on the local host for exclusive use within a reasonable period of time. Another process has exclusive use of the file. Retry this request at a later time. If the condition persists, examine the system for other processes that may be attempting to examine or modify the private key file. A process making use of the private key file may have become suspended and may need to be forceably shut down. If this file is not in use by another process and the condition persists, contact the system administrator and report this problem. System administrators can consider shutting down the ctcasd daemon on the local node, removing the private key file, and restarting the ctcasd daemon to recreate the file. After the file is recreated, the public key recorded in this file must be placed in the trusted host list on this node and any remote node that may attempt to authenticate with services executing on this node. Be aware that modifying the private key on the local host will cause other applications that attempt to use the same typed key file to fail while the file is being recreated and redistributed to the nodes within the cluster that require it. Failing routine name: %1$s 2650-544 libct_mss Failure: The local host's trusted host list cannot be accessed by this process. The permissions on the file do not permit the user of this process to access the file. This process may not have been invoked by the correct user. Verify that the process is being started by the correct system user, and that the user has sufficient permission to access the file. Failing routine name: %1$s 2650-545 libct_mss Failure: The local host's trsuedt host list cannot be opened by this process. The trusted host list either does not exist, or the contents of the trusted host list are corrupted. Report this problem to the system administrator. System administrators should consider recreating the trusted host list file on the local node During the recreation of the trusted host list, any processes on the local node attempting to authenticate to trusted services on remote nodes may fail the authentication attempt while the new trusted host list file is being created. Failing routine name: %1$s 2650-546 libct_mss Failure: This routine was not able to lock the public key file on the local host for exclusive use within a reasonable period of time. Another process has exclusive use of the file. Retry this request at a later time. If the condition persists, examine the system for other processes that may be attempting to examine or modify the public key file. A process making use of the public key file may have become suspended and may need to be forceably shut down. If this file is not in use by another process and the condition persists, contact the system administrator and report this problem. System administrators can consider shutting down the ctcasd daemon on the local node, removing the public key file, and restarting the ctcasd daemon to recreate the file. After the file is recreated, the public key recorded in this file must be placed in the trusted host list on this node and any remote node that may attempt to authenticate with services executing on this node. Be aware that modifying the public key on the local host will cause other applications that attempt to use the same typed key file to fail while the file is being recreated and redistributed to the nodes within the cluster that require it. Failing routine name: %1$s 2650-547 libct_mss Failure: This routine was not able to obtain the host key for the following system name: Requested system name: %1$s Failing routine name: %2$s This host is not known within the trusted host list file on the local node. Verify that the correct host name was provided to this routine. The host name must be specified as it is known to the tursted host list, so this failure may occur of the application provides a short host name to the routine when the trusted host list uses either full domain names or Internet host addresses. If the correct host name was provided, report this failure to the system administrator. System administrators should verify that the host being requested is a host that should have been recorded in the trusted host list file for this node, and add the node and its public key to the trusted host list file if necessary. 2650-548 ctmsskf Failure: required options not provided. Verify that the command was entered correctly, using the following usage message as a guide. 2650-549 ctmsskf Failure: The following option was specified more than once: %1$s Please verify that the command was issued correctly. 2650-550 ctmsskf Failure: The command detected an incorrect option or a missing option argument. Please verify that the command was issued correctly. 2650-551 ctmsskf Failure: The command was issued with conflicting options. The following options cannot be specified together in the same execution of this command: %1$s and %2$s Please verify that the command was issued correctly. 2650-552 ctmsskf Failure: The command detected an incorrect or unsupported key type specification. Please verify that the command was issued correctly. 2650-553 ctmsskf Failure: The command detected an incorrect key version number specification. Please verify that the command was issued correctly. 2650-554 ctmsskf Failure: The command detected an incorrect key value from the command line. Please verify that the command was issued correctly, and that a hexidecimal value was specified as the key value. Verify that the key value is expressed as an even number of characters. 2650-555 ctmsskf Failure: The key value provided to this command is larger than this command can support. Verify that the correct key value has been provided to this command, and that the key value does not contain extraneous characters. 2650-556 ctmsskf Failure: An unexpected failure occurred in a subroutine called by this command. Please record the following diagnostic information: Failing routine name: %1$s Error status from failing routine: %2$d Failing routine called by: %3$s Please contact your software service provider and report this information. 2650-557 ctmsskf Failure: This command is unable to create or modify the specified key file on this system. There is insufficient space in the file system where the key file would be stored to create this file. The file system causing this failure contains the following directory: %1$s Increase the amount of space in this file system, or identify and remove unnecessary files in this file system to restore space to this file system. 2650-558 ctmsskf Failure: The command was not able to lock the specified key file for exclusive use within a reasonable period of time. Another process has exclusive use of the file. Retry this request at a later time. If the condition persists, examine the system for other processes that may be attempting to examine or modify the same key file. A process making use of the private key file may have become suspended and may need to be forceably shut down. If this file is not in use by another process and the condition persists, consider removing and recreating the key file, but be aware that removing this key file may cause other applications that attempt to use the private key file to fail while the file is being recreated. 2650-559 ctmsskf Failure: The typed key file provided to this routine is either corrupted, or was created by a later version of the libct_mss library than the one currently installed on this system. This problem will prevent the libct_mss library from properly authenticating or deciphering incoming messages from other hosts within the cluster. Contact the system administrator and report this problem. Key file path name: %1$s Corruption can occur if attempts are made to modify this binary file using a text editor or other unsupported file access tool. System administrators should verify that all nodes within the cluster are using the same version of the libct_mss library, or that the typed key file was created using the oldest version of the libct_mss library available within the cluster. Shut down all cluster trusted services that make use of the key stored within this file, regenerate the typed key, and redistribute the typed key to all nodes within the cluster. Once the key is redistributed, the cluster trusted services may be restarted. Monitor this file to ensure that no other applications or users are erroneously accessing and modifying this file. 2650-560 ctmsskf Failure: The user of this command does not have sufficient privilege to access the following file: %1$s Verify that the command is being invoked by the correct system user, and that the user has sufficient operating system privileges to access this file. Verify that the permissions on the file are correct. 2650-561 ctmsskf Failure: The following file cannot be opened, or does not contain any typed keys: %1$s Verify that the correct file name was provided to this command, and that the file exists. Also verify that the correct system user is invoking this command, and that the file has granted that user permission to access the file. If any of the directories in the file path name forbid the user access to that directory, this command will be unable to access the file. If none of the above conditions exist, another process may have exclusive use of the file. Retry this request at a later time. 2650-562 ctmsskf Failure: The command detected a failure in an operating system call caused by a kernel memory allocation failure. This command did not attempt to allocate memory directly, but the underlying operating system call failed to obtain memory it needed to complete its function. The kernel may require additional memory resources. Report this failure to the system administrator. Identify processes using large amounts of memory and consider shutting these processes down. Perform a system analysis to ensure that the kernel has been allocated sufficient memory resources. Failing routine name: %1$s Error status from failing routine: %2$d Failing routine called by: %3$s 2650-563 ctmsskf Failure: The command detected that the specified key version already exists within the key file: Key file path name: %1$s Requested key version: %2$d Verify that the correct key version number was provided to this command. If the correct version number was specified, the key using the same version number in the key file must first be removed before the new key can be added. Keep in mind that if the existing key with this version is removed while applications are still running, some appliations may experience authentication failures when the key value is changed. Consider using a different key version number that is not already used by a key within this file. 2650-564 ctmsskf Failure: The key type provided to this command is not the key type used by the key file specified: Key file path name: %1$s Key type specified by the command user: %2$s Verify that the correct file name and key type name were specified. Use the 'ctmsskf -l' command to view the contents of this file, and to determine the type of keys recorded in this file. Reissue the command again using the correct file name and key type. 2650-565 ctmsskf Failure: The routine attempted to delete the currently active version of a key from a key file. Typed key file path name: %1$s Key version specified: %2$d The user may be requesting an incorrect key version. Verify that the correct version of the key was specified, instead of the currently active version of the key. If the user is requesting the proper version, the system may have an outdated version of the key file that does not contain recent updates made by other systems within the cluster. For this type of failure, the user should wait and attempt the command again at a later time. If this failure condition persists, report this failure to the system administrator. System administrators should verify that the key version requested is a valid version, and if so, check the key file to ensure that all needed versions of the key exist in this file. 2650-566 ctmsskf Failure: The command could not allocate sufficient memory to store a typed key in memory. This failure could occur when many processes allocate huge amounts of memory and utilize all available memory on the system. Verify that the allocation itself is not exceeding its own limit. If a Cluster software trusted service is exceeding its limit, contact IBM Customer Support and report this incident. If another software application is exceeding its limit, examine the software for memory management problems and memory leaks. If the application is not exceeding its memory allocation limits, contact the system administrator and report this incident. System administrators should identify processes using excessive memory and consider terminating these processes. If this failure continues to occur, report this failure to IBM Customer Support. 2650-567 ctmsskf Failure: The specified key version could not be found in the key file. Key file path name: %1$s Requested version number: %2$d 2650-600 libct_crypt: Either key length or input buffer length provided to %1$s is zero 2650-601 libct_crypt: Unsupported key length: type (0x%1$08x) length (%2$d) 2650-602 libct_crypt: Encryption/Decryption failed2650-603 libct_crypt: Unable to compute the key schedule2650-604 libct_crypt: Invalid buffer provided for decryption routine (%1$s):buffer length(%2$d) 2650-625 Could not create backup log: %1$s. 2650-626 Invalid input : %1$s flag required. 2650-627 Invalid input : %1$s must be followed by an argument. 2650-628 Error on dlopen of library %1$s. 2650-629 This command invoked as: %1$s %2$s 2650-630 Invalid argument : %1$s was entered. 2650-631 %1$s exiting with Return Code %2$d. 2650-632 Error from %1$s call from %2$s, return code=%3$d. 2650-633 Error renaming temporary keytab file: %1$s to converted keytab: %2$s. The temporary file will be deleted .2650-634 Error from stat function for file: %1$s 2650-635 Error from chmod function for file: %1$s 2650-636 Error removing the file: %1$s. 2650-637 Error from setting address for %1$s from %2$s. 2650-638 No keys were found for the principal %1$s in the DCE keytab file: %2$s. 2650-639 The DCE keytab file: %1$s does not exist. 2650-640 One or more of the flags entered are incorrect OR argument value is not supplied to a valid flag. 2650-641 Warning: Number of keys returned from DCE keyfile is zero 2650-642 Internal error while procesing the keyfile 2650-643 Warning: Key version number in DCE keyfile reached the maximum ctsidmck: Verification utility for the CtSec security identity mapping function. This command displays the user identifier mapping for a security network identifier, as defined by the identity mapping files. Syntax: ctsidmck -h | -i | { [-d l | m | h ] -m mechanism security_id } Options: -d Indicates the level of detail for the command output: l Low level of detail. The command will display the user identity map only. This is the default detail level. m Medium level of detail. The command will display the user identity map, and the entry from the identity mapping files used obtain this mapping. h High level of detail. The command will display all entries that the command processes from the identity mapping files, until a mapping is found. -h Displays usage information for the command. -i Inquires for the security mechanisms that are known to this node's CtSec library. The mechanisms are listed by the mnemonic used in the CtSec configuration file. -m Indicates the security mechanism to be used when interpreting the security network identifier. The mechanism is specified using its mnemonic, which can be obtained using the '-i' option. The security_id argument must be an identifier suitable for use by the security mechanism named by the '-m' option. ctsidmck: Security mechanisms supported by the CtSec library on this node: Entry bypassed because localhost keyword cannot be resolved. : maps %1$s to %2$s : did not yield a map ctsidmck: No mapping found for security network identifier %1$s 2650-650 libct_idm Failure: Incorrect parameters detected. Detecting function name: %1$s Positional parameter in error: %2$d Value of parameter: 0x%3$x Verify that the application is providing the correct parameters to this function, and correct the application to pass valid parameters. 2650-651 libct_idm Failure: Incorrect parameters detected by an internal subroutine. Detecting function name: %1$s Positional parameter in error: %2$d Value of parameter: 0x%3$x Contact the system administrator and report this problem. System administrators should report this failure to the cluster software service representative. 2650-652 libct_idm Failure: Unable to locate any security service identity mapping files on the local system. Identity mapping and group based authorization is not possible without the mapping files. The mapping files were expected in one of the following locations: %1$s%2$s %1$s%3$s These files are optional, and not required for individual based authorization functions. If these files were previously available, they may have been accidentally or intentionally removed. If the files were accidentally removed, contact the system administrator and request that these files be reconstructed or restored from a backup. 2650-653 libct_idm Failure: The specified identity mapping file cannot be accessed by this process. The permissions on the file do not permit the user of this process to access the file. Verify that the user of this application has sufficient privilege to access the identity mapping files. Failing routine name: %1$s Identity mapping file name: %2$s 2650-654 libct_idm Memory allocation failure. Function name: %1$s Attempted allocation: %2$d bytes Most often, this failure occurs when a process exceeds its memory allocation limit. In rare cases, this failure occurs when a number of processes allocate huge amounts of memory and utilize all available memory on the system. Verify that the allocation itself is not exceeding its own limit. If a Cluster software trusted service is exceeding its limit, contact IBM Customer Support and report this incident. If another software application is exceeding its limit, examine the software for memory management problems and memory leaks. If the application is not exceeding its memory allocation limits, contact the system administrator and report this incident. System administrators should identify processes using excessive memory and consider terminating these processes. 2650-655 libct_idm Internal failure detected. Function name: %1$s Return code from function: %2$d Routine calling the function: %3$s Contact the cluster security software service representative and report this incident. 2650-656 libct_idm Failure: This routine was not able to lock the identity mapping definition file for exclusive use within a reasonable period of time. Another process has exclusive use of the file. Retry this request at a later time. If the condition persists, examine the system for other processes that may be attempting to examine or modify the same identity map file. A process making use of the same file may have become suspended and may need to be forcibly shut down. If this file is not in use by another process and the condition persists, consider removing and recreating the identity mapping file or restoring a backup copy of the file. If you choose to remove this file, be aware that the identity mapping and group based authorization functions of the cluster security service may not be able to function without this file. While the file is missing or locked, authorization attempts may fail. Failing routine name: %1$s Identity mapping definition file name: %2$s 2650-657 libct_idm Failure: Unable to open a stream for an identity mapping definition file. Report this failure to the system administrator. System administrators should report this failure to the cluster security software service representative. Identity mapping definition file: %1$s File descriptor value: %2$s Error code from fdopen subroutine: %3$d 2650-658 libct_idm Failure: Memory allocation failure: Function name: %1$s Attempted allocation: %2$d bytes Most often, this failure occurs when a process exceeds its memory allocation limit. In rare cases, this failure occurs when a number of processes allocate huge amounts of memory and utilize all available memory on the system. Verify that the allocation itself is not exceeding its own limit. If a Cluster software trusted service is exceeding its limit, contact IBM Customer Support and report this incident. If another software application is exceeding its limit, examine the software for memory management problems and memory leaks. If the application is not exceeding its memory allocation limits, contact the system administrator and report this incident. System administrators should identify processes using excessive memory and consider terminating these processes. 2650-659 libct_idm Failure: The library could not determine the modification time of an identity mapping definition file that it had already opened. The library cannot perform identity mapping or group based authorization functions at this time. Identity mapping definition file name: %1$s Error code from fstat() C library routine: %2$d This failure is occasionally caused by a lack of kernel memory, which should also cause failures in other unrelated system applications. If multiple system applications are also failing, contact the system administrator and request that a kernel memory availability analysis be performed on the system. If kernel memory availability is not a cause of failure, this condition may indicate an internal failure within the libct_idm library. Contact the cluster security software service representative and report this condition. 2650-660 libct_idm Failure: The MPM calling the IDM mapping service did not register a translator and cleanup routine with the IDM's native mapping service. MPM mnemonic: %1$s 2650-661 libct_idm Failure: The library was unable to initialize a mutex required by its internal structure. Routine where error occurred: %1$s 2650-662 libct_idm Failure: The rule structure does not contain valid registry information or a valid number of tokens, or is ambiguous. 2650-663 libct_idm Failure: The rule structure and the id structure do not share the same registry information. 2650-664 libct_idm Failure: The rule structure and the id structure contain a different number of tokens. Number of tokens contained by the rule structure: %1$d Number of tokens contained by the id structure: %2$d 2650-665 libct_idm Failure: The rule structure does not contain valid registry information of a valid number of tokens. 2650-666 libct_idm Failure: Unable to find a match between a rule token (%1$s) and the corresponding id token (%2$s). 2650-667 libct_idm Failure: Unable to find a match between the rule registry (%1$s) and the id registry (%2$s). 2650-668 ctsidmck Failure: The command failed to successfully read the CtSec library configuration file. This file is expected to reside in the following locations: /var/ct/cfg/ctsec.cfg /opt/rsct/cfg/ctsec.cfg These files may not be available on the system, permissions on the files may have been altered, or the contents of these files may be corrupted. Ensure that at least one of these files is present, and that the file has granted read-only access to all system users. Check the configuration file for content errors. 2650-669 ctsidmck Failure: The command could not allocate memory. This failure can be caused by insufficient virtual memory on the system, or when the user has exceeded the memory usage limit. Check for processes started by this user that may be using large amounts of memory, and consider terminating these processes. If this failure persists, contact the cluster security software service provider and report this failure. 2650-670 ctsidmck Failure: An internal failure was encountered: Failing function name: %1$s Return code for failing function: %2$d Routine invoking the failing function: %3$s Contact the cluster security software service provider and report this failure information. 2650-671 ctsidmck Failure: The command was unable to load the security mechanism pluggable module (MPM) used by the CtSec library to interface with the following security mechanism: %1$s Consult the cluster security services documentation to determine the appropriate response to this module loading failure. 2650-672 ctsidmck Failure: The command encountered a failure while loading the security mechanism pluggable module (MPM) for the following security mechanism: %1$s The following failure information was provided by the security mechanism pluggable module: Major status code: 0x%2$x Minor status code: 0x%3$x Mechanism status code: 0x%4$x Mechanism status description: %5$s Consult the cluster security services documentation to determine the appropriate response to this module loading failure. 2650-673 ctsidmck Failure: An internal failure occurred within this command. The command provided incorrect parameters to the translation routine provided by the security mechanism pluggable module. Contact the cluster security software service provider and report this failure. 2650-674 ctsidmck Failure: An unexpected failure was reported by the security mechanism pluggable module from the translation routine: Return code for failing function: %1$d Contact the cluster security software service provider and report this failure information. 2650-675 ctsidmck Failure: An unexpected failure was reported by the security mechanism pluggable module from the identity rule application routine: Return code for failing function: %1$d Contact the cluster security software service provider and report this failure information. 2650-676 ctsidmck Failure: An internal failure occurred within this command. The command provided incorrect parameters to the identity mapping rule application routine provided by the security mechanism pluggable module. Contact the cluster security software service provider and report this failure. 2650-677 ctsidmck Failure: The command was unable to read the identity mapping files for the local system. These files are expected to reside in at least one of the following locations: /var/ct/cfg/ctsec_map.local /var/ct/cfg/ /opt/rsct/cfg/ Verify that at least one of these files can be accessed by users on the local system, and that all system users have been granted read access to the file and the directory where the file is stored. Verify that the contents of these files have not been corrupted. 2650-678 ctsidmck Failure: A required argument was not provided by the command user. 2650-679 ctsidmck Failure: An incorrect option for the output detail level was provided to this command: %1$c 2650-680 ctsidmck Failure: Multiple output level specifications were detected in the command line arguments. Only one output level may be specified. 2650-681 ctsidmck Failure: Multiple security mechanism specifications were detected in the command line arguments. Only one security mechanism may be specified. 2650-682 ctsidmck Failure: A required argument to a command option is missing. 2650-683 ctsidmck Failure: An incorrect option was specified by the command user. 2650-684 ctsidmck Failure: The command user provided mutually exclusive options to this command. 2650-685 ctsidmck Failure: The command is unable to locate the security mechanism pluggable module (MPM) for the requested security mechanism. The module was expected to reside in the following location: %1$s Verify that the correct security mechanism was specified on the command line. Contact the system administrator and ensure that the security mechanism pluggable module is installed, and that the module has not been corrupted. 2650-686 ctsidmck Failure: The command was unable to load the security mechanism pluggable module (MPM) for the specified security mechanism. The failure message obtained from the operating system was: %1$s The security mechanism pluggable module used by this command was: %2$s Verify that the correct security mechanism was specified on the command line. Contact the system administrator and ensure that the security mechanism pluggable module is installed, and that the module has not been corrupted. 2650-687 ctsidmck Failure: The command was unable to locate the required initialization function within the security mechanism pluggable module (MPM) for the specified security mechanism. The failure message obtained from the operating system was: %1$s The security mechanism pluggable module used by this command was: %2$s Verify that the correct security mechanism was specified on the command line. Contact the system administrator and ensure that the security mechanism pluggable module is installed, and that the module has not been corrupted. 2650-688 ctsidmck Failure: Identity mapping is not supported for the specified security mechanism. : Rule is not valid. : Network identifier is incorrect. : denies a mapping for %1$s ctsidmck: %1$s maps to %2$s ctsidmck: Mapping explicitly denied for %1$s 2650-690 libct_idm Invalid entry in cluster hosts configuration file. 2650-691 libct_idm Error while inserting the balanced tree node. 2650-692 libct_idm: stat() system call on cluster hosts configuration file failed 2650-693 libct_idm: The process doesn't have permissions to read the cluster hosts configuration file. 2650-694 libct_idm: read() system call failed. 2650-695 ctsidmck Failure: The security mechanism specified by the command user is not a recognized security mechanism for this system. The mechanism name supplied by the command user was: %1$s Verify that the correct security mechanism name was specified. 2650-696 ctsidmck Failure: No security network identifier was provided by the caller. 2650-697 ctsidmck Failure: Unrecognized arguments or multiple security network identifiers provided to this command. 2650-698 libct_idm Failure: The user specified by name "%1$s" does not exist on this system. Before attempting to acquire group membership, please make sure the user name provided represents a valid user on the system. 2650-699 libct_idm Failure: Unable to get information about the group specified by group id %1$d. 2650-700 libct_idm Failure: getgrent_r() failed with errno = %1$d. ctskeygen: Generates keys to be used with the CtSec cluster security service host authentication services software. Syntax: ctskeygen { -c | -d | -h | -i | -n | -r} [-f] [-m method] [-p publickeyfile] [-q privatekeyfile] Options: -c Converts a private key file that was created by a prior version of this command to make use of the Public Key Cryptography Standard (PKCS) encoding format. This option may be used with the '-q' option. If the '-q' option is not specified, the private key file specified in the ctcasd.cfg configuration file is used, or the default location is used. This option will not modify files already using the PKCS format. -d Displays the local host's identifier token value to standard output in character string form. -f Used with the '-n' option, this forces this command to record the keys it generates to the key files - without this option, the command will fail if the key files already exist. -h Displays a help message for this command. -i Lists the methods supported by this version of the command - these methods can be used as arguments to the '-m' option. -m Used with the '-n' option, this indicates the method to be used to generate the keys - issue 'ctskeygen -i' to obtain the list of methods supported by this option and the default method used to generate the keys. -n Instructs the command to generate host identifier keys -p Indicates the path name of a file where the public key is to be stored upon completion of the command. -q Indicates the path name of a file where the private key is to be stored upon completion of the command. -r Removes public and private key files. The '-p' and '-q' options may be used with this option. If the '-p' or '-q' options are not specified, the command removes the keyfiles specified in ctcasd.cfg configuration file. If no key files are explicitly specified in the ctcasd.cfg configuration file, the command removes the keyfiles from the default locations. ctskeygen: The following methods of key generation are available: -m argument value Description ----------------- ----------- rsa512 RSA key generation method, 512-bit key rsa1024 RSA key generation method, 1024-bit key rsa2048_sha256 RSA key generation method, 2048-bit key (use sha256 for sign & verify) rsa2048_sha512 RSA key generation method, 2048-bit key (use sha512 for sign & verify) rsa3072_sha256 RSA key generation method, 3072-bit key (use sha256 for sign & verify) rsa3072_sha512 RSA key generation method, 3072-bit key (use sha512 for sign & verify) rsa4096_sha256 RSA key generation method, 4096-bit key (use sha256 for sign & verify) rsa4096_sha512 RSA key generation method, 4096-bit key (use sha512 for sign & verify) The default method used by this command is '%1$s' %1$s (generation method: %2$s) Host Identity: %1$s Identifier Generation Method: %2$s Identifier Value: %3$s -------------------- ctsthl: Displays and modifies the trusted host list file to be used with the CtSec cluster security service host authentication services software. Syntax: ctsthl { -a | -d | -h | -l | -r | -s | -z } [-f trustedhostfile] [-n hostname] [-m method] [-p identifier] Options: -a Adds an entry for a host to the trusted host list file. The '-n', '-m', and '-p' options must also be provided. If an entry already exists for the specified host in the trusted host list file, the entry is modified to match the information provided to this command. -d Removes an entry for a specified host from the trusted host list file. The '-n' option must also be provided. -f Indicates the fully qualified path name of the trusted host list file. If this option is not provided, the command will use the trusted host list file currently configured for the Host Based Authentication security mechanism. -h Displays a help message for this command. -l (lower case L) Lists the contents of the trusted host list file to standard output. -n Indicates the host identity to be used in this operation. -m Used with the '-p' option, this indicates the method used to generate the host identifier key. The 'ctskeygen -i' command lists the available key generation methods. -p Specifies the host identifier value to be used in this operation. Host identifiers are represented as a character string encoding of the host identifier value. For example, a host identifier value of 0x5df367b9 is expressed as '-p 5df367b9'. -r Removes the THL file supplied on the command line. If not supplied on the command line, it removes the THL file that is specified in ctcasd.cfg or if none specified in the ctcasd.cfg it deletes the trusted host list file in the default location. -s Instructs the command to seed the trusted host file with entries for each known host name and IP address value of the local system. If any entries exist for any of these values, they are replaced by this option. -z Compacts the trusted host list file by removing unused entries and extra space within entries. ctsthl: Contents of trusted host list file: -------------------- ctsthl: The following host was removed from the trusted host list: %1$s 2650-951 libct_has Failure: incorrect parameters provided to %1$s. Function name: %1$s Positional parameter number: %2$d Parameter value: 0x%3$x If this failure is encountered during the execution of the Cluster software trusted services, contact IBM Customer Support and report this incident. If this failure is encountered during the execution of other software, verify that the software is using this function correctly. 2650-952 libct_has Memory allocation failure in %1$s. Function name: %1$s Attempted allocation: %2$d bytes Most often, this failure occurs when a process exceeds its memory allocation limit. In rare cases, this failure occurs when a number of processes allocate huge amounts of memory and utilize all available memory on the system. Verify that the allocation itself is not exceeding its own limit. If a Cluster software trusted service is exceeding its limit, contact IBM Customer Support and report this incident. If another software application is exceeding its limit, examine the software for memory management problems and memory leaks. If the application is not exceeding its memory allocation limits, contact the system administrator and report this incident. System administrators should identify processes using excessive memory and consider terminating these processes. 2650-953 libct_has Internal failure detected in %1$s. Function name: %1$s Return code from function: %2$d Routine calling the function: %3$s Contact IBM Customer Support and report this incident. 2650-954 libct_has Failure: Host identifier problem in %1$s. Function name: %1$s The host identifier token provided to this routine is either not valid or corrupted. It is possible that the application has inadvertently overwritten the variable containing the address of the token, ot the application may have inadvertently overwritten the memory used to store the token. Verify that the application is providing the correct address for the host identifier token to this routine. Perform memory leak and memory use verification tests on the application to ensure that the application is not inadvertently modifying this memory. 2650-955 libct_has Failure: Internationalization failure in %1$s. Function name: %1$s The execution environment used by this application is using a codeset that cannot be converted to the UTF-8 data encoding format. The security library uses the UTF-8 data encoding scheme, and cannot continue if it cannot translate from the current codeset to UTF-8 data encoding. Name of codeset in use: %2$s Correct the application to set locale information that uses a codeset that does support UTF-8 conversion, or contact the system administrator to have the default execution environment set to use such a locale. 2650-956 libct_has Failure: Internationalization failure in %1$s. The security library is unable to initialize the data structures necessary to convert between the codeset used by this application and the UTF-8 data encoding format. This failure has occurred because resources needed by the cluster utilities are not available at this time. Try to run this application again at a later time. 2650-957 libct_has Failure: Translation failure in %1$s. Function name: %1$s The security library is unable to translate a character string between the application codeset and the UTF-8 data encoding format. The character string contains bytes that are non-valid in the application codeset. This failure can occur when codesets that do not fully support UTF-8 conversion are used by the execution environment. This failure can also occur if the character string memory is overwritten. Verify that the application uses a locale with a codeset that does support UTF-8 conversion, or contact the system administrator to have the default execution environment set to use such a locale. Also verify that the application is not accidentally overwriting the character string data. 2650-958 libct_has Failure: Security file access failure. A failure occurred while attempting to access the trusted host list file, the local public key file, or the local private key file. The file does not exist on this system, or does not have the correct file permissions. The file is expected to have the following name: File name: %1$s The following error code was returned by the open or stat function: Error code: %2$d (documented in /usr/include/errno.h) Verify that the correct user is attempting this function. Certain security files can only be accessed by the system administrator. Contact the system administrator and report problems when authorized users are denied access to this file. System administrators should verify that the file exists, and that the permissions on this file are set as indicated above. System administrators should also verify that each directory component of the above path name permits the contents of the directory to be viewed by all system users. 2650-959 libct_has Failure: Trusted host list file corrupted. The file containing the trusted host list appears to be corrupted. This problem will prevent the security library from properly authenticating incoming traffic from other hosts within the cluster. Contact the system administrator and report this problem. System administrators should ensure that the permissions set on this file are set to %1$d, and that other applications or users are not modifying the file. 2650-960 libct_has Failure: No space left in %2$s. The file system where the trusted host list file is stored has no space available. The modification attempted by this routine has failed. Name of failing library routine: %1$s File name used: %2$s Contact the system administrator and report this problem. System administrators should extend the size of the file system where this file is stored, remove unnecessary files from this file system, or compress files residing in this file system to regain storage. 2650-961 ctskeygen Failure: required options not provided. Verify that the command was entered correctly, using the following usage message as a guide. 2650-962 ctskeygen Failure: The following option was specified more than once: %1$s Please verify that the command was issued correctly. 2650-963 ctskeygen Failure: The command was issued with conflicting options. The following options cannot be specified together in the same execution of this command: %1$s and %2$s Please verify that the command was issued correctly. 2650-964 ctskeygen Failure: The command detected an incorrect option or a missing option argument. Please verify that the command was issued correctly. 2650-965 ctskeygen Failure: The following key generation method is not supported by this version of the 'ctskeygen' command: %1$s Please verify that the command was issued correctly. Use the 'ctskeygen -1' command to obtain the list of key generation methods supported by this version of the command. 2650-966 ctskeygen Failure: The private key file already exists on this system. As a precaution, the 'ctskeygen' command will not replace the contents of this file unless explicitly instructed to do so through the use of the '-f' option is specified to this command. Please verify that this command was issued correctly. To replace the contents of the existing private key file, modify the command usage to include the '-f' option. 2650-967 ctskeygen Failure: The public key file already exists on this system. As a precaution, the 'ctskeygen' command will not replace the contents of this file unless explicitly instructed to do so through the use of the '-f' option is specified to this command. Please verify that this command was issued correctly. To replace the contents of the existing public key file, modify the command usage to include the '-f' option. 2650-968 ctskeygen Failure: The user of this command does not have sufficient privilege to access, or modify the contents of, the private key file on this system. Verify that the user is executing this command as the correct system user, and verify that the permissions on the private key file and the directory containing the file permit the command user to access the file. 2650-969 ctskeygen Failure: The user of this command does not have sufficient privilege to access, or modify the contents of, the public key file on this system. Verify that the user is executing this command as the correct system user, and verify that the permissions on the public key file and the directory containing the file permit the command user to access the file. 2650-970 ctskeygen Failure: This command is unable to create a file to store the private key on this system. There is insufficient space in the file system where the private key file would be stored to create this file. The file system causing this failure contains the following directory: %1$s Increase the amount of space in this file system, or identify and remove unnecessary files in this file system to restore space to this file system. 2650-971 ctskeygen Failure: This command is unable to create a file to store the public key on this system. There is insufficient space in the file system where the public key file would be stored to create this file. The file system causing this failure contains the following directory: %1$s Increase the amount of space in this file system, or identify and remove unnecessary files in this file system to restore space to this file system. 2650-972 ctskeygen Failure: This command is unable to create a file to store the private key on this system, because of a configuration problem on this system. The failure involves the following directory name: %1$s A component of this directory may not exist, may contain an unresolved symbolic link, may contain too many symbolic links, may not be a directory, or may exist in a read-only file system. Examine the system configuration for this directory name, and correct any of these problems that may exist. 2650-973 ctskeygen Failure: This command is unable to create a file to store the public key on this system, because of a configuration problem on this system. The failure involves the following directory name: %1$s A component of this directory may not exist, may contain an unresolved symbolic link, may contain too many symbolic links, may not be a directory, or may exist in a read-only file system. Examine the system configuration for this directory name, and correct any of these problems that may exist. 2650-974 ctskeygen Failure: The command was not able to lock the private key file for exclusive use within a reasonable period of time. Another process has exclusive use of the file. Retry this request at a later time. If the condition persists, examine the system for other processes that may be attempting to examine or modify the system's private key file. A process making use of the private key file may have become suspended and may need to be forcibly shut down. If this file is not in use by another process and the condition persists, consider removing and recreating the private key file, but be aware that removing this key file may cause other applications that attempt to use the private key file to fail while the file is being recreated. 2650-975 ctskeygen Failure: The command was not able to lock the public key file for exclusive use within a reasonable period of time. Another process has exclusive use of the file. Retry this request at a later time. If the condition persists, examine the system for other processes that may be attempting to examine or modify the system's public key file. A process making use of the public key file may have become suspended and may need to be forcibly shut down. If this file is not in use by another process and the condition persists, consider removing and recreating the public key file, but be aware that removing this key file may cause other applications that attempt to use the public key file to fail while the file is being recreated. 2650-976 ctskeygen Failure: An unexpected failure occurred in a subroutine called by this command. Please record the following diagnostic information: Failing routine name: %1$s Error status from failing routine: %2$d Failing routine called by: %3$s Please contact your software service provider and report this information. 2650-977 ctskeygen Failure: This command could not allocate memory to store the public or private keys. Identify processes currently executing on the system that are consuming large amounts of memory, and consider canceling or terminating these processes. If this condition persists or occurs every time this command is invoked, this symptom may indicate a possible problem with the command itself, and the software service provider should be contacted. 2650-978 libct_has Failure: cannot lock trusted host list or key file. The library was not able to lock a file for exclusive use within a reasonable period of time. Another process has exclusive use of the file. Retry this request at a later time. If the condition persists, examine the system for other processes that may be attempting to examine or modify the trusted host list or the system's key files. A process making use of these files may have become suspended and may need to be forcibly shut down. 2650-979 ctskeygen Failure: This command is unable to access the public key file on this system, because of a configuration problem on this system. The failure involves the following directory name: %1$s The public key file may not exist in this directory, a component of this directory may not exist, may contain an unresolved symbolic link, may contain too many symbolic links, may not be a directory. If the '-p' option was specified, verify that the correct file name was provided as an argument for that command option. Examine the system configuration for this directory name, and correct any of these problems that may exist. 2650-980 ctsthl Failure: The user of this command does not have sufficient privilege to access, or modify the contents of, the trusted host list file on this system. Verify that the user is executing this command as the correct system user, and verify that the permissions on the trusted host list file and the directory containing the file permit the command user to access the file. 2650-981 ctsthl Failure: This command is unable to create a file to store the trusted host list on this system. There is insufficient space in the file system where the trusted host list file would be stored to create this file. The file system causing this failure contains the following directory: %1$s Increase the amount of space in this file system, or identify and remove unnecessary files in this file system to restore space to this file system. 2650-982 ctsthl Failure: This command is unable to create a file to store the trusted host list on this system, because of a configuration problem on this system. The failure involves the following directory name: %1$s A component of this directory may not exist, may contain an unresolved symbolic link, may contain too many symbolic links, may not be a directory, or may exist in a read-only file system. Examine the system configuration for this directory name, and correct any of these problems that may exist. 2650-983 ctsthl Failure: An unexpected failure occurred in a subroutine called by this command. Please record the following diagnostic information: Failing routine name: %1$s Error status from failing routine: %2$d Failing routine called by: %3$s Please contact your software service provider and report this information. 2650-984 ctsthl Failure: The command was not able to lock the trusted host list file for exclusive use within a reasonable period of time. Another process has exclusive use of the file. Retry this request at a later time. If the condition persists, examine the system for other processes that may be attempting to examine or modify the system's trusted host list file. A process making use of the trusted host list file may have become suspended and may need to be forcibly shut down. If this file is not in use by another process and the condition persists, consider removing and recreating the trusted host list file, but be aware that removing this file may cause other applications using the Host Based Authentication mechanism through the Cluster Security Services to fail while the file is being recreated. 2650-985 ctsthl Failure: This command could not allocate memory needed to process the trusted host list file. Identify processes currently executing on the system that are consuming large amounts of memory, and consider canceling or terminating these processes. If this condition persists or occurs every time this command is invoked, this symptom may indicate a possible problem with the command itself, and the software service provider should be contacted. 2650-986 ctsthl Failure: This command is unable to access the trusted host list file on this system, because of a configuration problem on this system. The failure involves the following directory name: %1$s The trusted host list file may not exist in this directory, a component of this directory may not exist, may contain an unresolved symbolic link, may contain too many symbolic links, may not be a directory. If the '-f' option was specified, verify that the correct file name was provided as an argument for that command option. Examine the system configuration for this directory name, and correct any of these problems that may exist. 2650-987 ctsthl Failure: required options not provided. Verify that the command was entered correctly, using the following usage message as a guide. 2650-988 ctsthl Failure: The following option was specified more than once: %1$s Please verify that the command was issued correctly. 2650-989 ctsthl Failure: The following host was not found in the trusted host list file: %1$s Verify that the correct host name was provided using the '-n' option. If the '-f' option was used, verify that the correct file name was provided. 2650-990 ctsthl Failure: The command was issued with conflicting options. The following options cannot be specified together in the same execution of this command: %1$s and %2$s Please verify that the command was issued correctly. 2650-991 ctsthl Failure: The '%1$s' option must be specified when using the '%2$s' option. 2650-992 ctsthl Failure: The following key generation method is not supported by this version of the 'ctsthl' command: %1$s Please verify that the command was issued correctly. Use the 'ctskeygen -i' command to obtain the list of key generation methods supported by this version of the command. 2650-993 libct_has Failure: Inconsistency detected between the two trusted host lists provided to this routine. A host name appears in both lists, but each list contains a different host identifier value for that host. This routine considers this to be an input error, and has stopped the processing being performed on these lists. Failing routine name: %1$s Host name: %2$s Ensure that correct addresses are being provided to this routine for each trusted host list. The application may be erroneously constructing these lists, or the application may be overwriting information stored in these lists. 2650-994 ctsthl Failure: The command detected an incorrect option or a missing option argument. Please verify that the command was issued correctly. 2650-995 libct_has Failure: Unable to generate an usable host identifier token for the local system. All host identifier tokens generated by the library failed the usage acceptance tests imposed by the library. Contact the cluster security software service provider and report this failure. 2650-996 libct_has Failure: The file containing a libct_mss formatted typed key appears to be corrupted. This problem will prevent the security library from properly authenticating or deciphering incoming messages from other hosts within the cluster. Contact the system administrator and report this problem. System administrators should check the permissions on the following file: %1$s Permissions on this file should be set to: %2$d If the file permissions are correct, the file contents may be corrupted. Corruption can occur if attempts are made to modify this binary file using a text editor or other unsupported file access tool. System administrators should shut down all cluster trusted services that make use of the key stored within this file, regenerate the typed key, and redistribute the typed key to all nodes within the cluster. Once the key is redistributed, the cluster trusted services may be restarted. Monitor this file to ensure that no other applications or users are erroneously accessing and modifying this file. Name of internal failing routine: %3$s Error code from system call: %4$d 2650-997 libct_has Failure: The routine could not record a typed key to the specified typed key file. The file system where this file resides does not have sufficient space to store the resulting file. Failing routine name: %1$s Key file name as provided: %2$s Report this failure to the system administrator. System administrators should consider identifying and removing obsolete file from this file system, removing obsolete versions of this key from this key file, or increasing the disk space allocated to this file system. 2650-998 libct_has Failure: The routine could not access a specified directory while attempting to create a typed key file. The directory may not exist, may not be a directory, may contain too many symbolic links within its path name, or may have an unresolved symbolic name within its path name. Failing routine name: %1$s File path name in error: %2$s The following error code was returned by the open() or creat() function: Error code: %3$d (documented in /usr/include/errno.h) Verify that the correct file path name has been provided. If the correct path name was provided, check the path for any of the problems mentioned in this message. 2650-999 libct_has Failure: The routine could not access a specified directory while attempting to create a typed key file. The user of this process does not have sufficient permission to access the directory that would contain this file. Failing routine name: %1$s File path name in error: %2$s The following error code was returned by the open or stat function: Error code: %3$d (documented in /usr/include/errno.h) Verify that the correct file path name has been provided. If the correct path name was provided, contact the system administrator. System administrators should verify that the process user has sufficient permission to access the directory that would contain this file. 2650-950 libct_has Failure: A failure was detected while preparing a key schedule for the typed key being read from a file. Failure code (documented in /usr/include/rsct/ct_sec.h): %1$d Path name of typed key file: %2$s Failing routine called by: %3$s The attempt to read the typed key from the file has failed. The key cannot be used for authentication or encryption functions. This failure can be caused by insufficient available memory to store the key schedule, or it can also be caused by a corruption of the key value within the file. Verify that the correct file name was specified. If the correct key file was used, report this problem to the system administrator. System administrators should verify that the key file is not corrupted, or repair or regenerate the the key file if corruption is detected. Disable any trusted systems making use of this key file before regenerating the key file. Whenever a key file is regenerated, the system administrator may need to transfer the new key file to any remote systems that make use of the key within this file. 2650-949 libct_has Failure: Cannot locate a host identifier token for the following host name in the trusted host list on the local system: %1$s Verify that the correct host identifier was provided to this routine. If the host identifier is correct, the host may not be recognized as a trusted host on this system. Contact the system administrator if this host is believed to be a trusted host to this system. 2650-948 ctsthl Failure: Cannot obtain a host identifier token for the local system. The user of this command may not have sufficient privilege to access the local system public key file, or the file is not present on the local system, or the file permissions are incorrect. Verify that the correct user is using this command. Verify that the public key file exists on this system, and that the file permissions are set correctly. If the file is not present, contact the system administrator. 2650-947 ctsthl Failure: Cannot obtain a host identifier token for the local system. The user of this command may not have sufficient privilege to access the local system public key file, or the file permissions are incorrect, or permissions on the directory containing the public key file have been altered. Verify that the correct user is using this command. Verify that the file and directory permissions are set correctly. If the file permissions are not correct, contact the system administrator. 2650-946 ctsthl Failure: Cannot query the available network interfaces for the local system. The command was unable to create a socket to perform this query. Retry this command at a later time. If the condition persists, contact the system administrator. System administrators should verify that there are not an excessive number of opened files on the local system, and should contact the cluster security software service provider to report this failure. 2650-945 ctsthl Failure: Cannot query the available network interfaces for the local system. An attempt to query this information through an established socket connection failed. Retry this command at a later time. If the condition persists, contact the system administrator. System administrators should contact the cluster security software service provider to report this failure. Error code from ioctl() system call: %d ctsthl: Created trusted host list file: %1$s ctsthl: Removed trusted host list file: %1$s 2650-944 ctsthl Failure: The value provided for the host identity value does not end on a full byte boundary: %1$s This command requires that all identifier values end on full byte boundaries. The value provided must contain an even number of hexadecimal characters. Verify that the correct value for the identifier value has been provided as the argument to the -p option. 2650-943 ctsthl Failure: Insufficient space in file system. The file system where the trusted host list file is stored has insufficient space available. The modification attempted by this command has failed. Trusted Host List File name: %1$s Contact the system administrator and report this problem. System administrators should extend the size of the file system where this file is stored, remove unnecessary files from this file system, or compress files residing in this file system to regain storage. ctsthl: Displays and modifies the trusted host list file to be used with the CtSec cluster security service host authentication services software. Syntax: ctsthl { -a | -d | -h | -l | -s } [-f trustedhostfile] [-n hostname] [-m method] [-p identifier] Options: -a Adds an entry for a host to the trusted host list file. The '-n', '-m', and '-p' options must also be provided. If an entry already exists for the specified host in the trusted host list file, the entry is modified to match the information provided to this command. -d Removes an entry for a specified host from the trusted host list file. The '-n' option must also be provided. -f Indicates the fully qualified path name of the trusted host list file. If this option is not provided, the default system trusted host list file name is used. -h Displays a help message for this command. -l (lower case L) Lists the contents of the trusted host list file to standard output. -n Indicates the host identity to be used in this operation. -m Used with the '-p' option, this indicates the method used to generate the host identifier key. The 'ctskeygen -i' command lists the available key generation methods. -p Specifies the host identifier value to be used in this operation. Host identifiers are represented as a character string encoding of the host identifier value. For example, a host identifier value of 0x5df367b9 is expressed as '-p 5df367b9'. -s Instructs the command to seed the trusted host file with entries for each known host name and IP address value of the local system. If any entries exist for any of these values, they are replaced by this option. ------------------------------------------------------------------------ Host Based Authentication Mechanism Verification Check Private and Public Key Verifications Configuration file: %1$s Status: Available Status: Configuration Error - Missing. Status: Configuration Error - Empty. Status: Configuration Error - Not a regular file. Status: Configuration Error - Cannot determine file status. Status: Usage Error - User cannot access file. Status: Attention - Permissions not as expected, Expected -r-------- Status: Attention - Permissions not as expected, Expected -r--r--r-- Status: Attention - Ownership not as expected, Expected file to be owned by root. Default key type: Key Type: rsa512 RSA key generation method, 512-bit key. Key Type: rsa1024 RSA key generation method, 1024-bit key. Key Type: rsa2048_sha256 RSA key generation method, 2048-bit key. Key Type: rsa2048_sha512 RSA key generation method, 2048-bit key. Key Type: rsa3072_sha256 RSA key generation method, 3072-bit key. Key Type: rsa3072_sha512 RSA key generation method, 3072-bit key. Key Type: rsa4096_sha256 RSA key generation method, 4096-bit key. Key Type: rsa4096_sha512 RSA key generation method, 4096-bit key. Key Type: Attention - unknown key type. Private Key file: %1$s Source: Configuration file. Source: %1$s command line argument. Key Type: Public Key file: %1$s Key Parity: Public and private keys are in pair. Key Parity: Configuration Error - Public and private keys are not in pair. Trusted Host List File Verifications Trusted Host List file: %1$s Identity: %1$s Status: Trusted host. Status: Attention - Not a trusted host. Status: Attention - Public key value does not match value obtained from public key file. Host Based Authentication Mechanism Verification Check completed. ------------------------------------------------------------------------ Status: Configuration Error - cannot examine trusted host list file because of incorrect permissions or file corruption. %1$s: A verification utility for the Host Based Authentication (HBA) security mechanism. This program can be used to verify that private and public keys are in pair, and to verify that the public key value used for the local system in a trusted host list is correct. Syntax: ctsvhbac [ [ -d | -h | -m | -s ] | [ -e msgnum[,msgnum...] ] [ -l { 1 | 2 | 3 | 4 } | -b ] [ -p pubkeyfile ] [ -q pvtkeyfile ] [ -t thlfile ] ] Options: -b Produces brief output. When this option is used, the command displays only summary output of the tests and any errors detected. Further details of any errors can be determined by reissuing this command without this option. If the -l option is specified, this option is ignored. -d Displays the list of probes required for successful execution of this command. -e Specifies a list of error messages that are not to be displayed by this command during its execution. One or more message numbers may be specified. Message numbers must be in the xxxx-yyy format. Multiple messages are to be separated by commas (,) with no intervening white space characters. -h Displays a help message for this command. -l Allows the Cluster System Management (CSM) Probe Infrastructure to set the detail level of the output. Accepted levels: 1 Verbose mode - Displays the command purpose summary and status information for all tests. 2 Displays the command purpose summary and any attention or error conditions detected in any tests. 3 Displays any attention or error conditions detected in any tests. 4 Silent mode - Displays errors detected during the tests. -m Displays a detailed description of the command and its purpose. -p Specifies the path name of the public key file that is to be used by the command. If this option is not specified, the command will use the public key file currently configured for the Host Based Authentication security mechanism. -q Specifies the path name of the private key file that is to be used by the command. If this option is not specified, the command will use the private key file currently configured for the Host Based Authentication security mechanism. -s Displays a summary of the purpose for the command. -t Specifies the path name of the trusted host list file that is to be used by the command. If this option is not specified, the command will use the trusted host list file currently configured for the Host Based Authentication security mechanism. %1$s: Verifies Host Based Authentication mechanism basic configuration %1$s:Trace :%1$s:Attention :%1$s:Error :%1$s:Internal Error:%1$s:Description :This command performs a series of tests on the Host Based Authentication (HBA) mechanism configuration. * The command verifies that the HBA mechanism configuration file is available and can be processed. * The command verifies that the HBA private key file exists and can be processed. * The command verifies that the HBA public key file exists and can be processed. * The command verifies that the private and public keys for the local system are in pair. This means that the public key is known to be derived from the private key. * The command verifies that the HBA trusted host list file exists and can be processed. * The command checks the contents of the HBA trusted host list for all of the host names and network addresses supported by the local node, determining if entries exist in the trusted host list file for them. If a host name or network address is found, the command verifies that the same public key value that was used in earlier tests is listed for the name or address. The command user may specify the private key file, public key file, and trusted host list file to use in the command. By default, this information is extracted from the Host Based Authentication mechanism configuration file. %1$s: This command does not depend on other probes %1$s: Private and public key parity test failed. The private and public keys tested were found to be not in pair. This can cause authentication failures between the local system and other systems in the cluster. These keys were obtained from the following files: Private key file: %2$s Public key file: %3$s If the %4$s or %5$s options were specified, ensure that the correct private and public key file path names were used. If the correct file path names were used, the system administrator should consider generating a new pair of private and public keys using the ctskeygen command and replacing the entries for the local system in the trusted host list file using the ctsthl command. System administrators should remember that when these keys are regenerated for a node, all systems that consider the local system a trusted host must be informed of the public key value change and update their trusted host lists accordingly. %1$s: A local host identity was omitted from the trusted host list. At least one host name or network address currently supported by the local system was not listed in the trusted host list file. This can cause authentication failures for an application on the local system if it attempts to contact a service on the local system through a network communication channel. The trusted host list file used in this test is listed below: Trusted host list file: %2$s If the %3$s option was specified, ensure that the correct trusted host list file path name was used. If the correct file path name was used, the system administrator should consider adding an entry for the omitted local system identity to the trusted host list using the ctsthl command. The list of omitted identities can be obtained by issuing the %1$s command with the most detailed output option enabled. %1$s: A public key value is in error in the trusted host list file. At least one host name or network address currently supported by the local system was listed in the trusted host list file with a public key value that does not match the public key found by this command. This can cause authentication failures for an application on the local system if it attempts to contact a service on the local system through a network communication channel. The trusted host list file used in this test is listed below: Trusted host list file: %2$s The public key value was obtained from the following file: Public key file: %3$s If the %4$s and %5$s options were specified, ensure that the correct trusted host list file path name and public key file path name were used. If the correct file path names were used, the system administrator must perform further investigation to determine whether it is the public key file or the trusted host list file is in error. One means for making this determination is to check the public key value listed for the local system on another system that regards the local system as a trusted host, using the ctsthl command on the other system. This value can be compared to the value obtained from the ctskeygen -d command on the local system. If these values agree, then it is likely that the local trusted host list file is in error. The incorrect entry can be modified to use the correct public key value using the ctsthl command on the local system. The list of identities associated with incorrect public key values can be obtained by issuing the %1$s command with the most detailed output option enabled. Status: Configuration Error - File not in proper format, or file corrupted [message unused] %1$s: The trusted host list file has a configuration problem. The trusted host list file used by this command resides in the following location: Trusted host list file path name: %2$s For further detail on the nature of the configuration problem, issue the %1$s command with the most detailed output option enabled. The appropriate corrective action will depend on the nature of the configuration problem. * For user access failures, ensure that the correct system user is issuing this command. * For other conditions, ensure that the correct trusted host list file path name is specified in the %3$s option or the configuration file. If the file path name is correct, the system administrator should consider generating a new trusted host list file by removing the current trusted host list file and using the ctsthl -s command to create a new file. System administrators should remember that a new trusted host list file will only contain entries for the local host. After the new file is created, an entry will have to be created for every host that the local host will consider a trusted host. New entries can be added to the trusted host list using the ctsthl -a command. * If the command cannot determine the private key file status, the file system may require further manual examination. %1$s: The Host Based Authentication (HBA) mechanism identities for the local system are: %1$s: Attention - The command was unable to obtain any identities for the local host that would be used by the Host Based Authentication (HBA) mechanism. This system will not be able to build valid HBA credentials to identify itself to any networked systems, which can result in authentication failures for client applications running on the local system. This condition can occur if no network interfaces, other than the loopback interfaces, are currently operational on the local system. Ensure that at least one network interface is operational on the local system. %1$s: In order for remote authentication to be successful, at least one of the above identities for the local system must appear in the trusted host list on the remote node where a service application resides. Ensure that at least one host name and one network address identity from the above list appears in the trusted host list on any remote systems that act as servers for applications executing on this local system. %1$s: Obtains remote Host Based Authentication mechanism host identities %1$s: A verification utility for the Host Based Authentication (HBA) security mechanism. This program displays the possible identities that the local system may use to identify itself in Host Based Authentication credentials. Syntax: ctsvhbal [ [ -d | -h | -m | -s ] | [ -e msgnum[,msgnum...] ] [ -l { 1 | 2 | 3 | 4 } | -b ] Options: -b Produces brief output. When this option is used, the command displays only the host identities found for the local system and any errors detected. If the -l option is specified, this option is ignored. -d Displays the list of probes required for successful execution of this command. -e Specifies a list of error messages that are not to be displayed by this command during its execution. One or more message numbers may be specified. Message numbers must be in the xxxx-yyy format. Multiple messages are to be separated by commas (,) with no intervening white space characters. -h Displays a help message for this command. -l Allows the Cluster System Management (CSM) Probe Infrastructure to set the detail level of the output. Accepted levels: 1 Verbose mode - Displays the command purpose summary and status information for all tests. 2 Displays the command purpose summary and any attention or error conditions detected in any tests. 3 Displays any attention or error conditions detected in any tests. 4 Silent mode - Displays errors detected during the tests. -m Displays a detailed description of the command and its purpose. -s Displays a summary of the purpose for the command. %1$s: The Host Based Authentication Mechanism may use either a host name or a network address value during the authentication of a credential, depending on the method chosen by the local application. If applications on the local system request services from remote systems, the system administrator should verify the following items: * The results of this command should be compared to the results of the 'ctsvhbar ' command on the remote system. If a host name returned by this command does not appear in the 'ctsvhbar ' command results on the remote system, authentication between these systems may not succeed. In these cases, system administrators should verify that both systems are using the same host name resolution scheme, and host name resolution should be repaired on these systems until the host name returned by this command agrees with the results of the 'ctsvhbar ' command on the remote system. * The host name returned by this command is listed in the trusted host list on the remote system. If the host name is not listed, or an exact match for this host name is not found, authentication between these systems may not succeed. An entry for the host name can be added to the trusted host list on the remote system using the 'ctsthl -a' command. Some applications require authentication of the service application on the remote system. For authentication to succeed in these cases, the remote system must be able to authenticate applications from the local system, and vice versa. System administrators should verify that authentication is possible not only from the local system to the service application on the remote system, but that applications on the remote system can also be authenticated by applications on the local system as well. This can be verified using the 'ctsvhbal' and 'ctsvhbar' commands: * Issue 'ctsvhbar ' on the local system, * Issue 'ctsvhbal' on the remote system, * Verify that the host name returned by the 'ctsvhbal' command matches a host name entry displayed from the 'ctsvhbar ' command. If no match is found, diagnose the host name resolution schemes on both systems as mentioned earlier. * Verify that the host name returned from the 'ctsvhbal' command appears in the trusted host list on the local system. If the host name is not listed, add an entry for it as mentioned earlier. %1$s: A verification utility for the Host Based Authentication (HBA) security mechanism. This program accepts a host name or network address of a remote system and returns the host name that the Host Based Authentication mechanism would use to verify credentials from that host on the local system. Syntax: ctsvhbar [ [ -d | -h | -m | -s ] | [ -e msgnum[,msgnum...] ] [ -l { 1 | 2 | 3 | 4 } | -b ] [ ... ] Options: -b Produces brief output. When this option is used, the command displays the host identities provided by the command user, the fully qualified host identities obtained for them, and any errors. If the -l option is specified, this option is ignored. -d Displays the list of probes required for successful execution of this command. -e Specifies a list of error messages that are not to be displayed by this command during its execution. One or more message numbers may be specified. Message numbers must be in the xxxx-yyy format. Multiple messages are to be separated by commas (,) with no intervening white space characters. -h Displays a help message for this command. -l Allows the Cluster System Management (CSM) Probe Infrastructure to set the detail level of the output. Accepted levels: 1 Verbose mode - Displays the command purpose summary and status information for all tests. 2 Displays the command purpose summary and any attention or error conditions detected in any tests. 3 Displays any attention or error conditions detected in any tests. 4 Silent mode - Displays errors detected during the tests. -m Displays a detailed description of the command and its purpose. -s Displays a summary of the purpose for the command. %1$s: The Host Based Authentication Mechanism may use either a host name or a network address value as part of the identification information within a credential, depending on the method chosen by the application. If the local system is to service requests from remote systems, at least one network address and host name for that remote system must appear in the trusted host list on the local system. System administrators should verify the following items: * The results of this command should be compared to the results of the 'ctsvhbal' command on the remote system. If the host name returned by this command does not appear in the 'ctsvhbal' command results on the remote system, authentication between these systems may not succeed. In these cases, system administrators should verify that both systems are using the same host name resolution scheme, and host name resolution should be repaired on these systems until the host name returned by this command agrees with the results of the 'ctsvhbal' command on the remote system. * The host name returned by this command is listed in the trusted host list on the local system. If the host name is not listed, or an exact match for this host name is not found, authentication between these systems may not succeed. An entry for the host name can be added to the trusted host list on the local system using the 'ctsthl -a' command. Some applications require authentication of the service application on the local system. For authentication to succeed in these cases, the remote system must be able to authenticate applications from the local system, and vice versa. System administrators should verify that authentication is possible not only from the remote system to the service application on the local system, but that applications on the local system can also be authenticated by applications on the remote system as well. This can be verified using the 'ctsvhbal' and 'ctsvhbar' commands: * Issue 'ctsvhbal' on the local system, * Issue 'ctsvhbar ' on the remote system, * Verify that the host name returned by the 'ctsvhbal' command matches a host name entry displayed from the 'ctsvhbar ' command. If no match is found, diagnose the host name resolution schemes on both systems as mentioned earlier. * Verify that the host name returned from the 'ctsvhbal' command appears in the trusted host list on the remote system. If the host name is not listed, add an entry for it as mentioned earlier. Host name or network address: %1$s Fully qualified host name used for authentication: %2$s Host name or network address: %1$s Fully qualified host name used for authentication: [Cannot determine host name] %1$s: Attention - This command is intended to be used as part of a manual diagnostic effort, or as a component part of a larger diagnostic utility. The command displays a series of host names which are to be compared to values obtained from other systems in the cluster. To view this information, the command must be used with the output level set to 1. 2650-942 %1$s Failure: Unable to access the Host Based Authentication mechanism configuration file on this system. The configuration file is expected to reside in the following file: %2$s Ensure that this files is present, and verify that the user issuing this command has sufficient privilege to read these files. If the file does not exist, contact the system administrator and report this problem. 2650-941 %1$s Failure: Invalid message number string detected as argument to the %2$s option. Message number strings are expected to have the following format: xxxx-yyy. The failure condition was detected when parsing this portion of the argument string: %3$s. 2650-940 libct_has Failure: Cannot query the available network interfaces for the local system. The library was unable to create a socket to perform this query. Retry this application at a later time. If the condition persists, contact the system administrator. System administrators should verify that there are not an excessive number of opened files on the local system, and should contact the cluster security software service provider to report this failure. 2650-939 libct_has Failure: Cannot query the available network interfaces for the local system. An attempt to query this information through an established socket connection failed. Retry the application at a later time. If the condition persists, contact the system administrator. System administrators should contact the cluster security software service provider to report this failure. Error code from ioctl() system call: %d 2650-938 %1$s Failure: The command detected an incorrect option or a missing option argument. Please verify that the command was issued correctly. 2650-937 %1$s Failure: This command is unable to access the private key file on this system, because of a configuration problem on this system or because of insufficient user privilege. The failure involves the following file name: %2$s The command user may not have sufficient privilege to access this file. The private key file using this name may not exist, a component of this directory may not exist, may contain an unresolved symbolic link, may contain too many symbolic links, may not be a directory. If the '-q' option was specified, verify that the correct file name was provided as an argument for that command option. Examine the system configuration for this directory name, and correct any of these problems that may exist. 2650-936 %1$s Failure: An unexpected failure occurred in a subroutine called by this command. Please record the following diagnostic information: Failing routine name: %2$s Error status from failing routine: %3$d Failing routine called by: %4$s Please contact your software service provider and report this information. 2650-935 %1$s Failure: Cannot query the available network interfaces for the local system. The command was unable to create a socket to perform this query. Retry this command at a later time. If the condition persists, contact the system administrator. System administrators should verify that there are not an excessive number of opened files on the local system, and should contact the cluster security software service provider to report this failure. 2650-934 %1$s Failure: This command could not allocate memory needed. Identify processes currently executing on the system that are consuming large amounts of memory, and consider canceling or terminating these processes. If this condition persists or occurs every time this command is invoked, this symptom may indicate a possible problem with the command itself, and the software service provider should be contacted. 2650-933 %1$s Failure: The following option was specified more than once: %2$s Please verify that the command was issued correctly. 2650-932 %1$s Failure: A required option or argument was omitted from this command. Status: Attention - Ownership not as expected Expected file to be owned by bin 2650-931 %1$s Failure: The command was unable to verify the contents of the trusted host list file. The trusted host list file used by this command is: %2$s The file either has incorrect file permissions that restrict the user of this command from examining the contents of this file, or the file contents are corrupted. Verify that the correct path name for the trusted host list file was used, and that the file permissions are correct. If both items are correct, consider removing and rebuilding the trusted host list file on this system to repair the problem. %1$s: Obtains local Host Based Authentication mechanism host identities %1$s: No local host identities were detected in the trusted host list. This can cause authentication failures for an application on the local system if it attempts to contact a service on the local system through a network communication channel. The trusted host list file used in this test is listed below: Trusted host list file: %2$s If the %3$s option was specified, ensure that the correct trusted host list file path name was used. If the correct file path name was used, the system administrator should consider adding an entry for the omitted local system identity to the trusted host list using the ctsthl command. The list of omitted identities can be obtained by issuing the %1$s command with the most detailed output option enabled. %1$s: None of the host identities currently supported by the local system are associated with the current public key value used by the local system. This can cause authentication failures for an application on the local system if it attempts to contact a service on the local system through a network communication channel. The trusted host list file used in this test is listed below: Trusted host list file: %2$s The public key value was obtained from the following file: Public key file: %3$s If the %4$s and %5$s options were specified, ensure that the correct trusted host list file path name and public key file path name were used. If the correct file path names were used, the system administrator must perform further investigation to determine whether it is the public key file or the trusted host list file is in error. One means for making this determination is to check the public key value listed for the local system on another system that regards the local system as a trusted host, using the ctsthl command on the other system. This value can be compared to the value obtained from the ctskeygen -d command on the local system. If these values agree, then it is likely that the local trusted host list file is in error. The incorrect entry can be modified to use the correct public key value using the ctsthl command on the local system. The list of identities associated with incorrect public key values can be obtained by issuing the %1$s command with the most detailed output option enabled. 2650-930 %1$s Failure: The command was unable to obtain the local host identity information necessary for the Host Based Authentication (HBA) security mechanism to correctly identify this system to a remote system. This failure may be the result of poor network performance between the local system and the network domain name server, by poor performance on the domain name server, or by network host name resolution configuration problems. Perform the proper problem determination procedures to identify and repair host name resolution and domain name service problems. Repeat this command at a later time. %1$s: A host naming discrepency has been detected that can cause failures in Host Based Authentication mutual authentication processing. The fully resolved host name for the local system is listed below. %2$s This name was obtained by resolving the value returned by the gethostname() C library routine. However, this name was not obtained when the host names for all active network addresses were obtained. Because a matching value was not found, mutual authentication can fail in certain conditions. The host name and address resolution capability of the local system should be modified so that the same fully resolved host name value is obtained for both the local system name and at least one of the currently active network interfaces. 2650-929 %1$s Failure: The private key file has a configuration problem. The private key file used by this command resides in the following location: Private key file path name: %2$s For further detail on the nature of the configuration problem, issue the %1$s command with the most detailed output option enabled. The appropriate corrective action will depend on the nature of the configuration problem. * For user access failures, ensure that the correct system user is issuing this command. * For other conditions, ensure that the correct private key file path name is specified in the %3$s option or the configuration file. If the file path name is correct, the system administrator should consider generating a new pair of private and public keys using the ctskeygen command and replacing the entries for the local system in the trusted host list file using the ctsthl command. System administrators should remember that when these keys are regenerated for a node, all systems that consider the local system a trusted host must be informed of the public key value change and update their trusted host lists accordingly. * If the command cannot determine the private key file status, the file system may require further manual examination. 2650-928 %1$s Failure: The public key file has a configuration problem. The public key file used by this command resides in the following location: Public key file path name: %2$s For further detail on the nature of the configuration problem, issue the %1$s command with the most detailed output option enabled. The appropriate corrective action will depend on the nature of the configuration problem. * For user access failures, ensure that the correct system user is issuing this command. * For other conditions, ensure that the correct public key file path name is specified in the %3$s option or the configuration file. If the file path name is correct, the system administrator should consider generating a new pair of private and public keys using the ctskeygen command and replacing the entries for the local system in the trusted host list file using the ctsthl command. System administrators should remember that when these keys are regenerated for a node, all systems that consider the local system a trusted host must be informed of the public key value change and update their trusted host lists accordingly. * If the command cannot determine the public key file status, the file system may require further manual examination. 2650-927 %1$s Failure: Unable to remove the file %2$s on the node. The unlink() sytem call failed with errno = %3$d. Either the file specified does not exist or the user does not have permissions to remove the file. Please check the file permissions of the file and make sure the user attempting to remove the file has sufficient authority to do that. 2650-926 ctsthl Failure: This command is unable to create a file to store the compressed trusted host list on this system. There is insufficient space in the file system where the trusted host list is stored to create a temporary file that is needed to compress the trusted host list file. The trusted host list file has not been changed. The file system causing this failure contains the following directory: %1$s Increase the amount of space in this file system, or identify and remove unnecessary files in this file system to restore space to this file system. ctsthl: The following trusted host list has been compressed: %1$s 2650-100 Incorrect parameters provided to %1$s(). Positional parameter number: %2$d Please provide a valid argument to the routine. Each routine defines its own criteria for valid arguments. Check the CtSec programming guide for the routine's man page to determine the range of valid arguments. The routine was unable to return the requested number of keys. This is not an error condition. Please call the routine in a loop until the total number of keys requested is obtained. Number of keys requested: %d Number of keys returned: %d ctscachgen: Generates/interrogates an on-disk key cache file. Syntax: ctscachgen -c { -q | -n | -k -t } [-m ] [-s ] [-f] [-i] [-h] ctscachgen: Generates/interrogates an on-disk key cache file. Usage: ctscachgen -c [-f] { -q | -n | -k -t } [-m ] [-s ] or ctscachgen -c -i or ctscachgen -h Options: -c Represents the name of the on-disk key cache file that needs to be generated or interrogated. This option must always be specified. -f Instructs the command to override an existing on-disk key cache file without asking the invoker. -h Displays this help message for the command. -i Displays information about the on-disk key cache file specified by the '-c' option. This option must be used only in conjunction with the '-c' option. -k Used with the '-t' option. This option provides the hexadecimal value of the encryption key used to encrypt the session keys. It cannot be used in conjunction with the '-n' or the '-q' options. (e.g.: '-k 4fed8709d2ee42b7'). -m Provides the session key generation method. Valid values are: des_md5 3des_md5 aes256_md5 If this option is not provided, the default method for generating the session keys is des_md5. -n This option provides the name of the file that contains the encryption typed key. This option cannot be used in conjunction with the '-k'/'-t' or the '-q' option. -q Instructs the command to use the host's HBA private key as as encryption key used for encrypting the session keys in the on-disk key cache file. This option cannot be used in conjunction with the '-n' or the '-k'/'-t' options. -s Provides the size of the on-disk key cache file in terms of number of keys in the cache. If this option is not provided, the default cache size is 128 keys. -t Used with the '-k' options. It provides the type of the encryption key specifed by the '-k' option. The valid key types are as follows: des_cbc des_md5 3des_md5 aes256_md5 rsa512_sha rsa1024_sha Key cache file already exists! Remove existing file and generate new file? yes|[no] yesnoctscachgen On-disk key cache file info: key cache filename: %1$s cache version: %2$d cache read count: %3$d session key generation method: %4$s cache key count: %5$d pre-encryption key: %6$s 2650-200 SKC Failure: Unable to initialize one of the elements of the locking mechanism or the Session Key Cache descriptor. The most probable reason for this failure is a lack of available system resources. Please ensure that there are sufficient system resources available by reducing the number of applications running on the system. Failing routine: %1$s Return code: %2$d File name: %3$d Line no.: %4$d 2650-201 SKC Failure: The SKC context token provided to the routine is not valid. Please use the sec_skc_alloc_context routine in order to obtain a valid SKC context token. If sec_skc_alloc_context returned an error, do not attempt to end the context token returned. 2650-202 SKC Failure: The SKC context token provided to the routine is being terminated by another thread. No operation is allowed on a SKC context that is terminating, including another termination, acquiring session keys, setting context attributes, starting the context, etc. Please wait for the other thread to finish terminating the SKC context. 2650-203 SKC Failure: The SKC context attribute provided cannot be (re)set after the context was started. Attribute identifier: %1$d Please terminate the current SKC context (sec_skc_end_context), allocate a new one (sec_skc_alloc_context) and then set the value of the attribute before starting the context. 2650-204 SKC Failure: The value of the attribute provided is not valid. Attribute identifier: %1$d Attribute value: %2$s Please provide a valid value for the SKC context attribute. 2650-205 SKC Failure: The value of the SKC file name attribute provided is not valid. Its length is longer than maximum allowed by the operating system either by itself (if full path) or relative to the process's current working directory (if relative path). SKC file name: %1$s Current working directory: %2$s Please provide a valid file name for the SKC file cache. 2650-206 SKC Failure: The value of the SKC key limit attribute is not valid. A valid total number of keys in the cache must be a positive, non-zero 32 bit integer. Key limit provided: %1$d Please provide a valid number of keys the SKC must hold. 2650-207 SKC Failure: The value of the SKC key type attribute is not valid. Key type: 0x%1$08x The following is a list of key types supported: SEC_C_KEYTYPE_DES_MD5, SEC_C_KEYTYPE_3DES_MD5, and SEC_C_KEYTYPE_AES256_MD5. Please provide a valid key type for the SKC context. 2650-208 SKC Failure: The value of the SKC maximum number of key generator threads attribute provided is not valid. A valid maximum number of key generator threads must be a positive, 32 bit integer that is also smaller than the maximum allowed. Max number of key generator threads provided: %1$d Max number of key generator threads allowed: %2$d Please provide a valid number of max key generator threads. 2650-209 SKC Failure: The value of the SKC key generator's quota attribute is not valid. This attribute specifies how many keys a generator thread generates in one step, before adding them to the key cache. A valid key generator quota is a positive, non-zero 32 bit integer that is also smaller than the maximum allowed. Key generator quota provided: %1$d Maximum key generator quota allowed: %2$d Please provide a valid number of max keys that a generator thread generates before saving them to the key cache. 2650-210 SKC Failure: The value of the SKC key generator thread priority attribute is not valid. This attribute specifies how much lower the priority of the key generator threads will be compared to the default thread priority. A valid key generator thread priority is a positive, non-zero, 32 bit integer that is also smaller than the maximum allowed. Key generator thread priority provided: %1$d Max key generator thread priority allowed: %2$d Please provide a valid number for the key generator thread priority. 2650-211 SKC Failure: The value of the SKC key generator threshold attribute is not valid. This attribute specifies how many keys must be removed from the key cache before new keys are being generated. A valid key generator threshold is a positive, non-zero, 32 bit integer that is also smaller than the maximum allowed. Key generator threshold provided: %1$d Maximum key generator threshold allowed: %2$d Please provide a valid number for the key generator threshold. 2650-212 SKC Failure: The SKC context has already been allocated. In the current implementation, the SKC context cannot be allocated twice. Use sec_skc_end_context to terminate the previously allocated context and then allocate the context again. 2650-213 SKC Internal failure: Unable to lock the pthread mutex defined by the SKC context. A most possible reason for this failure is a lack of system resources. Failing routine: %1$s Return code: %2$d Terminate the application, reduce the number of overall applications on the system and then restart the application. File name: %3$s Line number: %4$d 2650-214 SKC Internal failure: The SKC context did not initialize properly. The pthread locking mechanism elements are not available for using. This may be due to a lack of system resources. Terminate the application, reduce the number of overall applications on the system and then restart the application. 2650-215 SKC Failure: The SKC context token provided was not allocated prior to calling this routine. Only allocated contexts can be used to set attribute values, get attribute values, start, or get keys from them. Allocate the SKC context by calling sec_skc_alloc_context before attempting to do any of the operation mentioned before. 2650-216 SKC Internal Failure: Unable to initialize a pthread attribute. A most possible reason for this failure is a lack of system resources. Failing routine: %1$s Return code: %2$d Terminate the application, reduce the number of overall applications on the system and then restart the application. File name: %3$s Line number: %4$d 2650-217 SKC Internal Failure: Unable to get the scheduling paramaters of the current thread. There is no documented reason for this routine to fail in the manner it is being used. Failing routine: %1$s Return code: %2$d If this is an IBM provided application, contact Customer Support. If this is a third party application, contact the application provider. File name: %3$s Line number: %4$d 2650-218 SKC Failure: The buffer containing the marshalled or encrypted key provided to this routine is not valid. Either its length or its value are incorrect. Length of key buffer: %1$d Address of key buffer value: 0x%2$08x Please provide the key buffer from the key doublet obtained from the key cache with the sec_skc_get_keys() routine. 2650-219 SKC Failure: The buffer argument provided by the caller is either NULL or its length is smaller than what is required to hold the requested number of keys. Address of key buffer: 0x%1$08x Length of the buffer provided: %2$d Number of keys requested: %3$d Required minimum length of buffer: %4$d The caller must provide a buffer of at least the length specified. 2650-220 SKC Internal Failure: Unable to set the scheduling paramaters of a pthread attribute. The most probable reason for this failure is a memory violation in the application's process. Failing routine: %1$s Return code: %2$d If this is an IBM provided application, contact Customer Support. If this is a third party application, contact the application provider. File name: %3$s Line number: %4$d 2650-221 SKC Internal Failure: Unable to set the detach state of a pthread attribute. The most probable reason for this failure is a memory violation in the application's process. Failing routine: %1$s Return code: %2$d If this is an IBM provided application, contact Customer Support. If this is a third party application, contact the application provider. File name: %3$s Line number: %4$d 2650-222 SKC Internal Failure: Unable to create the key generator thread. The most probable reason for this failure is a lack of system resources. Another reason may be a memory violation in the application's process. Failing routine: %1$s Return code: %2$d If this is an IBM provided application, contact Customer Support. If this is a third party application, contact the application provider. File name: %3$s Line number: %4$d 2650-223 SKC Failure: The number of keys requested is not valid. A valid number of keys must be a positive number, greater than 0. Number of requested keys: %1$d Provide a valid number of keys that this routine should return. 2650-224 SKC Failure: Another thread decided to terminate the SKC context before any keys were available in the key cache. This is a normal condition generated by the application's coding practices. Please allocate and start a new SKC context before requesting any more keys from the SKC library. File name: %1$s Line number: %2$d 2650-225 SKC Internal failure: An unexplained error condition occurred. The most probable cause is a memory violation in the application's process. A less probable cause is a coding error. Contact the application provider and make sure a memory utilization analysis is performed on the application. If this is an IBM application, contact IBM's Customer Support. File name: %1$s Line number: %2$d 2650-226 SKC Internal Failure: The master key generator thread is no longer valid. The most probable cause is a memory violation in the application's process. A less probable cause is a coding error. Contact the application provider and make sure a memory utilization analysis is performed on the application. If this is an IBM application, contact IBM's Customer Support. File name: %1$s Line number: %2$d 2650-227 SKC Failure: The SKC context token provided was not started prior to calling this routine. Keys can be obtained only from started SKC contexts. Plese start the SKC context by calling sec_skc_start_context before retrieving keys from the key cache. 2650-228 SKC Failure: The value of the SKC key generator's spin attribute is not valid. This attribute specifies how many spins a generator thread goes throught before terminating. At the end of each spin, the quota of keys generated is added to the cache. A valid number of spins is a positive, non-zero 32 bit integer that is also smaller than the maximum allowed. Number of spins provided: %1$d Maximum number of spins allowed: %2$d Please provide a valid number of spins that each common generator thread goes through before terminating. 2650-229 SKC Failure: The buffer containing the marshalled or encrypted key provided to this routine is not valid. Either its length or its value are not valid. Length of key buffer: %1$d Address of key buffer value: 0x%2$016llx Please provide the key buffer from the key doublet obtained from the key cache with the sec_skc_get_keys() routine. 2650-230 SKC Failure: The encryption/decryption key provided does not have a supported key type. The encryption/decryption key should be a CtSec (MSS) generated typed key. Type of encryption/decryption key: 0x%1$08x Please provide a typed key that was generated by CtSec MSS service for the encryption key argument of this routine. 2650-231 SKC Failure: The buffer argument provided by the caller is either NULL or its length is smaller than what is required to hold the requested number of keys. Address of key buffer: 0x%1$016llx Length of the buffer provided: %2$d Number of keys requested: %3$d Required minimum length of buffer: %4$d The caller must provide a buffer of at least the length specified. 2650-232 SKC Failure: The library attempts to read/write the on-disk key cache file without any file being specified in the context. Specify the name of the on-disk key cache by setting the SEC_C_SKC_ATTR_FILENAME attribute for the context. File name: %1$s Line number: %2$d 2650-233 SKC Failure: The filename specified for the on-disk key cache does not represent a valid file or the process is unable to get information about the file. On-disk key cache file name: %1$s stat()'s errno: %2$d Provide the name of an existing on-disk key cache file by setting the SEC_C_SKC_ATTR_FILENAME attribute for the context. File name: %3$s Line number: %4$d 2650-234 SKC Failure: The on-disk key cache specified does not have a valid header. On-disk key cache file name: %1$s Provide the name of an existing on-disk key cache file by setting the SEC_C_SKC_ATTR_FILENAME attribute for the context. An on-disk key cache can be generated using the ctscachgen command. File name: %2$s Line number: %3$d 2650-235 Failure: Unable to the lock the on-disk key cache file. On-disk key cache filename: %1$s File descriptor: %2$d fcntl()'s errno: %3$d Please make sure that the on-disk key cache file name provided is valid and it exists on the file system. File name: %4$s Line number: %5$d 2650-236 Failure: Timeout occured when trying to lock the on-disk key cache file. On-disk key cache file name: %1$s File descriptor: %2$d The reason for the time out may be because the file is being locked by another process for more than 2 seconds. Make sure that there is no other process locking the file for more than 2 seconds. File name: %3$s Line number: %4$d 2650-237 Failure: An error occurred while reading the contents of the on-disk key cache file into the process's memory. On-disk key cache file name: %1$s File descriptor: %2$d read()'s errno: %3$d File name: %4$s Line number: %5$d Please make sure that the on-disk key cache file exists and is valid. 2650-238 Failure: An error occurred while reading the contents of the on-disk key cache file into the process's memory. The number of bytes read is smaller than the number of bytes requested to be read. On-disk key cache file name: %1$s Number of bytes read: %2$lld Number of bytes requested to be read: %3$lld File name: %4$s Line number: %5$d 2650-239 Failure: The maximum number of readings of the key cache file has been exceeded. As a security precaution, this file is rendered useless and will not be read again. On-disk key cache file name: %1$s Number of previous readings: %2$d Please generate another key cache file using the ctscachgen command or synchronize the in-memory key cache with the on-disk key cache file using the SKC API. File name: %3$s Line number: %4$d 2650-240 Failure: The on-disk key cache file uses a pre-encryption key to encrypt the session keys, however, the SKC context does not have a pre-encryption key set. On-disk key cache file name: %1$s Please set the pre-encryption key attribute for the SKC context using the same key as the one used in the on-disk key cache file. File name: %2$s Line number: %3$d 2650-241 Failure: The content of the on-disk key cache file appears to be corrupted! The SKC library did not encounter the information expected in the appropriate location in the file. On-disk key cache file name: %1$s Please generate another key cache file using the ctscachgen command or synchronize the in-memory key cache with the on-disk key cache file using the SKC API. File name: %2$s Line number: %3$d 2650-242 Failure: The pre-encryption key challenge in the on-disk key cache file could not be verified. On-disk key cache file name: %1$s Please generate another key cache file using the ctscachgen command or synchronize the in-memory key cache with the on-disk key cache file using the SKC API. File name: %2$s Line number: %3$d 2650-243 Failure: The number of bytes remained to be read from the on-disk key cache file is a negative number. Number of bytes: %1$d On-disk key cache file name: %2$s The main reason for this failure is a memory corruption in the application's process. Please use a memory analysis tool and make sure there are no memory violations in the application. A less probable reason for this failure is a coding error in the SKC library. Please contact IBM's Customer Service and report this problem. File name: %3$s Line number: %4$d 2650-244 Failure: The number of bytes provided for the marshalled key doublet is less than what is required. Number of bytes provided: %1$d Number of bytes required: %2$d Please provide a buffer large enough for the marshalled key buffer. File name: %3$s Line number: %4$d 2650-245 Failure: A failure occured during the unmarshalling of the key doublet read from the on-disk key cache file. The most probable reason for this failure is a corrupted key cache file. Please generate another key cache file using the ctscachgen command or synchronize the in-memory key cache with the on-disk key cache file using the SKC API. File name: %1$s Line number: %2$d 2650-246 Failure: A failure occured when updating the read count of the on-disk key cache file. On-disk key cache file name: %1$s On-disk key cache file descriptor: %2$d lseek()'s errno: %3$d The most probable reason for this failure is a corrupted key cache file. Please generate another key cache file using the ctscachgen command or synchronize the in-memory key cache with the on-disk key cache file using the SKC API. File name: %4$s Line number: %5$d 2650-248 Failure: An error occurred while writing the contents of the on-disk key cache file. On-disk key cache file name: %1$s File descriptor: %2$d write()'s errno: %3$d Please check that the file system where the file resides has sufficient disk space and that it can be expandable to the size required by the write operation. File name: %4$s Line number: %5$d 2650-249 Failure: An error occurred while creating the on-disk key cache file. On-disk key cache file name: %1$s open()'s errno: %2$d File name: %3$s Line number: %4$d Please make sure that the on-disk key cache file exists and is valid. 2650-250 Failure: There are no keys in the context that can be saved into an on-disk key cache file. Please retry the operation at a later moment. On-disk key cache file name: %1$s File name: %2$s Line number: %3$d 2650-251 Failure: A failure occured when sync'ing the on-disk key cache file. On-disk key cache file name: %1$s On-disk key cache file descriptor: %2$d fsync()'s errno: %3$d The most probable reason for this failure is a corrupted key cache file. Please generate another key cache file using the ctscachgen command or synchronize the in-memory key cache with the on-disk key cache file using the SKC API. File name: %4$s Line number: %5$d 2650-252 SKC Failure: The SKC context token provided was not started prior to calling this routine. Only started contexts can be synchronized with their corresponding on-disk key cache files. Start the context using sec_skc_start_conetext before synchronizing it to disk. 2650-253 SKC Warning: Unable to write all the keys in the context to the on-disk key cache file. The error occurs because of several reasons, most probably not sufficient memory or not enough space on the file system. On-disk key cache file name: %1$s Number of keys written: %2$d Number of keys in the context: %3$d File name: %4$s Line number: %5$d 2650-254 SKC Failure: Unable to set the permission of the key cache file to read/write by owner only. The most probable cause of this problem is a lack of sufficient permission for the application's process. On-disk key cache file name: %1$s chmod()'s errno: %2$d File name: %3$s Line number: %4$d 2650-255 SKC Failure: Unable to open the on-disk key cache file for reading and/or writing. There are several reasons for this condition: lack of sufficient file permissions for the process; the file is part of a read-only file system; too many symbolic links encountered in the path or the pathname resolution of a symbolic link produced an intermediate result whose length exceeds the maximum file name length allowed; or the maximum allowable number of files opened in the system has been reached. On-disk key cache file name: %1$s open()'s errno: %2$d File name: %3$s Line number: %4$d 2650-256 SKC Failure: The on-disk key cache file does not represent a regular file. On-disk key cache file name: %1$s File name: %2$s Line number: %3$d Please make sure that the on-disk key cache file exists and is valid. 2650-257 Failure: The on-disk key cache file does not use a pre-encryption key to encrypt the session keys, however, the SKC context has the pre-encryption key attribute set. On-disk key cache file name: %1$s Please do not set the pre-encryption key attribute for the SKC context when reading an on-disk key cache file that does not use a pre-encryption key to encrypt the session keys. File name: %2$s Line number: %3$d 2650-258 Failure: The session key type used by the on-disk key cache file is different from the session key type set for the SKC context. On-disk key cache file name: %1$s Please generate an on-disk key cache file containing the same session key type as the one set for the SKC context. File name: %2$s Line number: %3$d 2650-260 ctscachgen Failure: Only one copy of the on-disk key cache file name option is allowed. 2650-261 ctscachgen Failure: Only one copy of the session key ngeneration method is allowed. 2650-262 ctscachgen Failure: Only one copy of the encryption key filename is allowed. 2650-263 ctscachgen Failure: Only one copy of the encryption key type is allowed. 2650-264 ctscachgen Failure: The value of the on-disk key cache size provided is not valid. A valid value is a positive, non-zero integer. 2650-265 ctscachgen Failure: One or more options provided to the command are not valid. 2650-266 ctscachgen Missing Option: On-disk key cache filename is missing. Please provide the name of the on-disk key cache filename (the'-c' option). 2650-267 ctscachgen Failure: The '-i' option cannot be used in conjunction with the '-n', '-k'/'-t', '-q', or '-f' options. 2650-268 ctscachgen Failure: At most one of the '-n', '-k'/'-t' and '-q' options or combination of options is allowed. 2650-269 ctscachgen Failure: The value of the '-m' option is not valid. Valid values for the '-m' option: des_md5, 3des_md5 and aes256_md5. 2650-270 ctscachgen Failure: The '-k' and '-t' options must be used in conjunction with each other. 2650-271 ctscachgen Failure: The value of the '-t' option is not valid. Valid values for the '-t' option are as follows: des_cbc des_md5 3des_md5 aes256_md5 rsa512_sha rsa1024_sha 2650-272 ctscachgen Failure: The value of the '-k' option is not valid. A valid value for the option is a non-empty array characters representing the hexadecimal value of the encryption key. 2650-273 ctscachgen Failure: Search permission is denied for a component of the on-disk key cache filepath prefix. (Error info: %1$s) 2650-274 ctscachgen Failure: A component of the on-disk key cache path prefix is not a directory. (Error info: %1$s) 2650-275 ctscachgen Failure: Unable to determine whether the on-disk key cache file exists or not. (Error info: %1$s, %2$d) 2650-276 ctscachgen Failure: The on-disk key cache file name provided does not represent a regular file. (Error info: %1$s) 2650-277 ctscachgen Failure: File permission error! Check whether write permission is allowed on the directory containing the on-disk key cache file or, in case the sticky bit is set on the directory containing the on-disk key cache file, whether the invoker of the command is the file owner, or whether it is the directory owner, or whether it has appropriate privileges. (Error info: %1$s) 2650-278 ctscachgen Failure: Permission error! The on-disk key cache file specified is part of a read-only file system. (Error info: %1$s) 2650-279 ctscachgen Failure: Only one copy of the encryption key value is allowed. 2650-524 libct_mss Failure: A failure occurred in a preceeding libct_mss routine. This failure has made the internal cache of the local system trusted host list unusable. Use the sec_read_host_keys interface to bypass this failure. Internal status code: %1$d Retained failure code: %2$d 2650-519 ctmss_cryptoinit Internal failure: Unable to test the FIPS certified operation of the CLiC library. Failing routine: %1$s Return code: %2$d Contact IBM Customer Service Support and report this problem. File name: %3$s Line number: %4$d 2650-520 ctmss_cryptoinit Internal failure: Unable to initialize the CLiC global context. The most probable cause is failure to allocate memory. Failing routine: %1$s Return code: %2$d Contact IBM Customer Service Support and report this problem. File name: %3$s Line number: %4$d 2650-521 ctmss_crypto Internal failure: Unable to initialize the CLiC global context. The following error message was set by the initialization routine: %1$s Contact IBM Customer Service Support and report this problem. File name: %2$s Line number: %3$d 2650-570 ctmss_crypto Failure: A CLiC cryptographic routine encountered an error during its execution. Name of the failing routine: %1$s Return code from failing routine: %2$d Contact IBM Customer Service Support and report this problem. File name: %3$s Line number: %4$d 2650-572 ctmss_crypto Failure: The value of the typed key provided is not valid: it does not represent a valid PKCS#8 encoded private or SPKI encoded public key. Key type: 0x%1$x Decoded key type: %2$d Contact IBM Customer Service Support and report this problem. File name: %3$s Line number: %4$d 2650-573 ctscrypto Failure: The decrypted message is not valid. Please ensure that the cipher provided was not corrupted before decrypting it and that the key used for decrypting the cipher pairs the key used for encrypting the message. File name: %1$s Line number: %2$d 2650-574 ctscrypto Failure: The search for prime factors has been exhausted. The private exponent provided cannot be converted to a PKCS#1 encoding. Please ensure that the private and public keys provided are valid and in pair. File name: %1$s Line number: %2$d 2650-575 ctscrypto Failure: The guessed prime factors do not verify the private exponent of the public key. The private exponent provided cannot be converted to a PKCS#8 encoding. Please ensure that the private and public keys provided are valid and in pair. File name: %1$s Line number: %2$d 2650-576 ctscrypto Failure: Unable to encode the private/public key material in the PKCS#8/SPKI format. Please ensure that the private and public keys provided are valid and in pair. File name: %1$s Line number: %2$d 2650-577 ctscrypto Failure: Unable to decode the private/public key material from the PKCS#8/SPKI format. Please ensure that the private and public keys provided are valid and in pair. File name: %1$s Line number: %2$d 2650-578 ctscrypto Failure: The private key provided is not a valid CLiC v1 proprietary encoded private key. Please provide a private key encoded in the CLiC v1 proprietary format. File name: %1$s Line number: %2$d 2650-579 ctscrypto Failure: The public key provided is not a valid CLiC v1 proprietary encoded public key. Please provide a public key encoded in the CLiC v1 proprietary format. File name: %1$s Line number: %2$d 2650-580 ctscrypto Failure: The private and public keys provided are not in pair. They either have a different modulus size or they do not resolve to the same challenge. Please provide private and public keys that are in pair. File name: %1$s Line number: %2$d 2650-925 ctskeygen Failure: The following public key format is not supported by this version of the 'ctskeygen' command: %1$s Please verify that the command was issued correctly. Use the 'ctskeygen -i' command to obtain the list of key generation methods supported by this version of the command. Status: Attention - Key file is either using the format of a previous software release, or the file is corrupted. Status: Attention - Key file is using a format not supported by this version of the command, assuming a configuration failure. 2650-924 ctskeygen Failure: The command was unable to obtain the private key from the private key file. The file contents may be corrupted, or the command user does not have sufficient privilege to access the private key file. The private key file used for this command was: File name: %1$s Verify that the correct file name was used in this command, and ensure that the correct system user is issuing this command. If both of these conditions are satisfied, the private key file contents may be corrupted, and a new private and public key pair need to be generated for this system. If new private and public keys are generated for this system, the public key must be distributed to any remote nodes that need to authenticate to this system. 2650-923 ctskeygen Attention: The command was not able to create a Public Key Encryption Standard (PKCS) encoded version of the private key. A private key does exist for this system and will continue to be used in place of the PKCS formatted key. The security subsystem may experience a slight performance degradation, but should continue to function properly. The private key file used by this command was: Private Key File Name: %1$s The command may have failed if the private key file contents are not in pair with the public key file contents. Public Key File Name: %2$s Ensure that the correct private and public key files were used, and verify the arguments to the '-p' and '-q' options. In most cases, if either the '-p' or '-q' option was specified, the other option should also be specified to ensure that the correct files are used by the command. If this contition persists, the contents of either the private or the public key file may be corrupted, and a new private and public key pair may need to be generated for the system. Do not generate new private and public keys unless this system is experiencing authentication failures. If new private and public keys are generated for this system, the public key must be distributed to any remote nodes that need to authenticate to this system. Status: Attention - The keys contained in the public and private key files are not in pair, or the private key file contents are corrupted. 2650-922 %1$s Failure: The private key contained in the private key file could not be converted to the Public Key Cryptography Standard (PKCS) format. This conversion requires that the private key and public key values be in pair. This failure can occur when the command makes use the wrong set of private and public key files. This failure can also occur if the private key file contents have been corrupted. The files used by the command were from the following locations: Private key file path name: %2$s Public key file path name: %3$s For further detail on the nature of the configuration problem, issue the %1$s command with the most detailed output option enabled. The appropriate corrective action will depend on the nature of the configuration problem. * For user access failures, ensure that the correct system user is issuing this command. * For other conditions, ensure that the correct private key file path name is specified in the %4$s option or the configuration file. Also ensure that the correct public key file path name is specified in the %5$s option or the configuration file. If the file path name is correct, the system administrator should consider generating a new pair of private and public keys using the ctskeygen command and replacing the entries for the local system in the trusted host list file using the ctsthl command. System administrators should remember that when these keys are regenerated for a node, all systems that consider the local system a trusted host must be informed of the public key value change and update their trusted host lists accordingly. * If the command cannot determine the private key file status, the file system may require further manual examination. 2650-039 libct_sec Failure: Unable to load shared object. Name of shared object: %1$s dlopen()'s errno: %2$d dlopen()'e error message: %3$s Make sure that the library containing the shared object exists on the system and is readable by the process. 2650-040 libct_sec Failure: Unable to find symbol in shared object. Name of shared object: %1$s Name of symbol: %2$s dlsym()'s errno: %3$d dlsym()'e error message: %4$s Make sure that the library containing the shared object exists on the system and is readable by the process. 2650-522 libct_mss Failure: The input message provided by the caller of this routine is incorrect. Its length and/or its value is/are not valid. Length of input message: %1$d Address of input message: 0x%2$016llx Please provide a valid input message. 2650-041 libct_sec Failure: The MPM specified by the mechanism code or mnemonic provided has been either removed or marked as containing inconsistent data. Code/mnemonic of MPM: %1$s MPM's state: %2$08x The libct_sec library attempts to locate the MPM specified by the code or mnemonic provided and finds an internal entry for that MPM that was marked as either removed or damaged. This condition happens when either the MPM record in the CtSec's configuration file, ctsec.cfg, was removed or commented out; or the information pertaining to that MPM record in the configuration file changed in an inconsistent manner (a different name or path). Make sure that the CtSec's configuration file, ctsec.cfg, contains a valid record for the specified MPM and that the information in the record is consistent in time. 2650-568 libct_mss: The encryption module %1$s does not export the optional randon IV interface. 2650-090 libct_sec Failure: A buffer provided by the application is not sufficient to store the data requested. Routine name: %1$s Buffer size provided by application: %2$d bytes Buffer size required: %3$d bytes Verify that the correct buffer size was provided to the routine, or modify the application to provide a buffer of sufficient size. 2650-523 libct_mss: Unable to open the file provided for reading. errno set by open(): %1$d File name: %2$s Location where error occured: %3$s:%4$d 2650-569 libct_mss: Unable to stat the file provided. errno set by stat(): %1$d File name: %2$s Location where error occured: %3$s:%4$d 2650-571 libct_mss: The file provided is empty (0 byte size). File name: %1$s Location where error occured: %2$s:%3$d 2650-581 libct_mss: Failed to read from file. errno from read(): %1$d File name: %2$s Location where error occured: %3$s:%4$d 2650-582 libct_mss: The length of the signature/digest buffer required by the %1$s routine is %2$d. 2650-583 libct_mss: The length of the signature/digest buffer provided to the signing/digest routine is smaller than the required size. Name of routine: %1$s Required buffer length: %2$d 2650-584 libct_mss: The file name provided to the signing/digest routine is not valid. The routine requires a file name that is not NULL or empty. Name of routine: %1$s 2650-585 libct_mss: The digest buffer provided to the routine does not contain a valid MD5 or SHA digest for the file. Please use sec_md5/sha_file_digest3 to generate a valid MD5/SHA digest for the file. Occurence index: %1$d 2650-042 libct_sec Failure: The socket descriptor %1$d is not valid. Please ensure that the socket file descriptor is valid. [%2$s:%3$d] 2650-043 libct_sec Failure: getsockname() failed with errno %1$d [%2$s:%3$d]. Please ensure that the socket descriptor (%4$d) is valid. 2650-044 libct_sec Failure: bind() failed with errno %1$d [%2$s:%3$d]. Please ensure that the socket descriptor (%4$d) is valid and that the caller has sufficient privileges to create the socket file. Caller's euid: %5$d Socket file: %6$s 2650-919 libct_has Failure: Initialization of THL file locking mechanism failed. The following information details the error: Location: %1$s [%2$d] Routine: %3$s Error code: %4$d There are multiple reasons for such an error, however, most probably there is a depletion of system resources, like memory, and/or pthread mutex and/or read/write locks. Please contact the system administrator or customer support. 2650-918 libct_has Failure: Unable to rename the temporary THL file to the permanent THL file. The following information details the error: Location: %1$s [%2$d] Error code: %3$d Name of temporary THL file: %4$s Name of permanent THL file: %5$s There are multiple reasons for such an error, however, most probably there is a depletion of file system resources, like memory like disk space. Please contact the system administrator or customer support. 2650-917 ctskeygen Failure: The key file argument provided is either a symbolic link; or it is not a regular file (%1$s). The use of symbolic links or non-regular files is not allowed by this command. Please provide the name of a regular file. 2650-400 The command detected an incorrect option or a missing option argument. Please verify that the command was issued correctly. 2650-401 Invalid security compliance mode "%1$s" passed. 2650-402 Invalid key generatation method "%1$s" passed. 2650-403 Invalid symmetric key type "%1$s" passed. 2650-053 There are no pending configuration available. 2650-054 Invalid key type. 2650-055 Staging configuration file exists, so new configuration can't be applied. 2650-056 %1$s key type is invalid as per compliance mode. 2650-057 The system call %1$s failure with return code: %2$d error number: %3$d file name: %4$s line number: %5$d 2650-644 Internal Failure: Unrecoverable error while updating THL Function Name: %1$s File Descriptor: %2$d Reference Count: %3$d 2650-058 Unsupported key type. 2650-059 Unsupported key generatation method "%1$s" passed. %1$s: Lists and modifies the contents of the security subsystem configuration file. The revised configuration file is recorded to the file /var/ct/cfg/ctsec.cfg. If this file already exists, the previous version of the file is recorded to the file /var/ct/cfg/ctsec.cfg.bak if there is sufficient space to create this file. Usage: ctscfg -h ctscfg -l ctscfg -a -p -c -n -o [-f ] [-l] ctscfg -d { -c | -n } [-l] ctscfg -u -p { -c | -n } [-l] Parameters: -a Adds a new configuration entry for a new security mechanism pluggable module (MPM) to the security subsystem configuration. This option requires the -c, -n, -o, and -p options. -c Specifies the code to be used by the security subsystem to reference this mechanism pluggable module. The argument to this option must be expressed as a hexadecimal value in the form of "0x" [example: "0x1a" or "0x9F"] -d Removes an existing entry for a security mechanism pluggable module (MPM) from the security subsystem configuration. The -c or the -n option must be specified to indicate which entry is to be removed. -f Specifies the flags required by the security subsystem to properly load and execute the security mechanism pluggable module (MPM). The flags must be specified with no intervening white space [example: "-f izu"]. -h Displays the usage information for this command. -l Lists the contents of the currently active security subsystem configuration file. If this option is specified with the -a, -d, or -u options, the resulting configuration is listed. -n Specifies the mnemonic to be used for the security mechanism pluggable module (MPM). The mnemonic should be a short string value [ex: "-c mymech"]. -o Specifies the location of the security mechanism pluggable module (MPM). The MPM must exist as a file. If a symbolic link is used, the symbolic link must reference an existing file. The path must be expressed as an absolute path [ex: "-o /usr/lib/mymech"]. -p Specifies the priority associated with this security mechanism pluggable module (MPM). Lower values have a higher priority. Priority values need not be consecutive, but no two MPMs may share the same priority. Negative values and a zero value are not permitted for a priority. -u Updates the priority associated with an existing security mechanism pluggable module (MPM) in the security subsystem configuration. This option requires the -p option and either the -n option or the -c option. Notes: This command permits the user to create an empty security subsystem configuration, where no security mechanism pluggable modules are configured. In this configuration, all parties are are to be considered not authentic. Priority Mnemonic Code Path Flags Attention: The security subsystem configuration does not have any security mechanism pluggable modules (MPM) active. This will cause the security subsystem to not consider any users authentic. If this is not the desired behavior, run the %1$s utility with the "-a" option to activate at least one security mechanism pluggable module. 2650-280 %1$s: One of the following required system commands cannot be found in the execution path. Verify that the following commands are available and can be loacted in a directory listed by the PATH environment variable: %2$s 2650-281 %1$s: The default configuration file is either missing or empty. This condition can cause failures or unexpected results from the security subsystem. Default configuration file name: %2$s Extract this file from the RSCT software installation media and replace this file on the system. 2650-282 %1$s: The configuration file is empty. This condition can cause failures or unexpected results from the security subsystem. Configuration file name: %2$s Remove this file from the system, then execute the %1$s command to reconstruct the file. 2650-283 %1$s: The default configuration file could not be read into memory. This condition can cause failures or unexpected results from the security subsystem. Default configuration file name: %2$s Ensure that this file permissions allow the file to be read by this user. Extract this file from the RSCT software installation media and replace this file on the system. 2650-284 %1$s: The configuration file could not be read into memory. This condition can cause failures or unexpected results from the security subsystem. Configuration file name: %2$s Remove this file from the system, then execute the %1$s command to reconstruct the file. 2650-285 %1$s: The default configuration file appears to be corrupted. At least one entry within this file is missing a required data field, or the information for the required data field is not valid. This condition can cause failures or unexpected results from the security subsystem. Default configuration file name: %2$s Extract this file from the RSCT software installation media and replace this file on the system. 2650-286 %1$s: The configuration file appears to be corrupted. At least one entry within this file is missing a required data field, or the information for the required data field is not valid. This condition can cause failures or unexpected results from the security subsystem. Configuration file name: %2$s Extract this file from the RSCT software installation media and replace this file on the system. 2650-287 %1$s: Only one instance of the "-%2$s" option is allowed. 2650-288 %1$s: The option "-%2$s" requires an argument. 2650-289 %1$s: The option "%2$s" is not supported. 2650-290 %1$s: A required option is missing. 2650-291 %1$s: The options "-%2$s" and "-%3$s" cannot be used together. 2650-292 %1$s: The code value specified with the "-c" option is not provided in hexadecimal format. This value must begin with the value "0x" and contain only hexadecimal digits [example: "0x1a" or "0x9F"]. Code value specified by the "-c" option: %2$s. 2650-293 %1$s: The path name specified with the "-o" option is not an absolute path, or it does not reference an existing file. The file must exist, the file must have a size greater than zero bytes, and the path name must begin with the "/" character [ex: /usr/lib/mpmname]. Path specified by the "-o" option: %2$s. 2650-294 %1$s: One or more of the following options are required: %2$s 2650-295 %1$s: The user does not have permission to alter the security subsystem configuration. To alter the configuration, the user must be the system superuser or the owner of the configuration file. This user must also have permission to write to the %2$s directory. Verify that the correct user has issued this command. Configuration file name: %3$s 2650-296 %1$s: An unexpected failure occurred. Contact the security software service provider and report this failure. 2650-297 %1$s: The code value specified with the "-c" option and the mnemonic specified with the "-n" option do not reference the same security mechanism pluggable module. Ensure that the correct arguments were specified for these options. Use the "-l" option to view the available security mechanism pluggable module information. Code value specified by the "-c" option: %2$s Mnemonic specified by the "-n" option: %3$s 2650-298 %1$s: No security mechanism pluggable module was detected in the configuration file for the specified mechanism code or mnemonic. Verify that the correct information was provided to this command. Use the "-l" option to view the available security mechanism pluggable module information. 2650-299 %1$s: A security mechanism pluggable module was detected in the configuration file for the specified mechanism code or mnemonic. Verify that the correct information was provided to this command. Use the "-l" option to view the available security mechanism pluggable module information. 2650-300 %1$s: The code value specified with the "-c" option or the mnemonic specified with the "-n" option references an existing security mechanism pluggable module. Ensure that the correct arguments were specified for these options. Use the "-l" option to view the available security mechanism pluggable module information. Code value specified by the "-c" option: %2$s Mnemonic specified by the "-n" option: %3$s Usage: chsecmode [-x] [-c mode] [-m method] [-s type] [-f] [-h] where -x Cancels the pending compliance mode changes if exist. -c Specifies the security compliance mode. -m An appropriate type which is valid for the compliance mode used for generating the nodes public/private keys. -s Specifies the cluster default symmetric key type. -f Generates new keys even if the key generation method has not changed. -h Displays the usage information for this command 2650-364 Keygen method, %1$s, not supported. 2650-361 The stopsrc/refresh command filed for %1$s 2650-362 The startsrc command filed for %1$s 2650-363 The Trusted Host List update failed with return code %1$d 2650-364 Keygen method, %1$s, not supported. Usage: lssecmode [-p] [-d | -D ] [-x] [-T] [-V] [-h] Usage: lssecmode [-p] [-d | -D ] [-x] [-T] [-V] [-h] Options: -p Displays the pending security mode and key types. -d Specifies delimiter-formatted output. The default delimiter is a colon (:). Use the -D flag if you want to change the default delimiter. -D delimiter Specifies delimiter-formatted output that uses the specified delimiter. Use this flag to specify something other than the default colon (:). An example is when the data to be displayed contains colons. Use this flag to specify a delimiter of one or more characters. -x Specifying this option means that no header information is to displayed. -T Specifying this option means that tracing will be enabled. -V Specifying this option means that verbose output will be enabled. -h Displays the usage information for this command. Note: Invoking the command without any options displays the current security mode and key types. Example: lssecmode -p -d -D "::" The above command example displays the pending security mode and key types in a programmable format and the delimiter used is "::" Current Security Mode Configuration Pending Security Mode Configuration 2650-381 Invalid option entered 2650-382 %1$s command exited due to an underlying API error 2650-383 Option %1$s requires an argument 2650-384 There are no pending configuration available