Server administrator ID (iadmin)
The installation of a server requires an ID to install and own the files as well as to administer the server; this is also known as the iadmin ID. The iadmin ID should:
CRTDTAARA DTAARA(IADMIN/QDFTJRN) TYPE(*CHAR) LEN(25) VALUE('IADMIN QSQJRN *FILE')
The CRTDTAARA VALUE parm must be padded to the sizing shown (10 10 5). If not, Journal redirection will not work.
Note: As of Release 7.6.3, requiring an explicit CURLIB is a requirement. Sites with prior installations must update the server admin ID to have a CURLIB if it did not (for example, CHGPRF CURLIB(IADMIN)). Otherwise, the installation process will fail. The easiest way to check if an ID has a CURLIB is to do a DSPLIBL and look for a library entry with type of CUR. Information Builders does not recommend CURLIB library names matching the software install library (for example, SRV77) as this allows the software library to possibly get corrupted with files from daily activities. It also creates a high possibility of accidental overwrites/deletions of important software.
To determine if the code page you use is compatible with code page 37, check if the square brackets ( [ ] ) in your code page are in the same position as on code page 37.
You can find IBM code page descriptions at:
This documentation refers to the server administrator ID, which you use to install and administer the server, as the iadmin ID, but you can name it anything you want. If you name it something other than iadmin, you will need to create a second ID, literally named iadmin, for the DVD library to properly unload. If you do not use this literal iadmin ID to install and own the files, you can remove it after installation.
While logged on as QSECOFR, create the server administrator ID and home directory using the following sample code:
CRTUSRPRF USRPRF(IADMIN) PASSWORD(MYPASS) HOMEDIR('/home/iadmin') CCSID(37) TEXT('Server Administrator ID') DLVRY(*NOTIFY) QSH CMD('mkdir /home/iadmin') QSH CMD('chmod 755 /home/iadmin') QSH CMD('chown iadmin /home/iadmin')
Running the server in secured mode also requires that particular files have their ownership changed to QSECOFR (this step is done after installation).
End users of the server will also require an ID and password created/configured for the Security Provider modes a server is using. For the OPSYS Security Provider mode, no special authorities or setup parameters are needed for the IDs.
To keep the server secure, you should make the iadmin ID available only to users that require server administrative privileges.
Server system ID (iserver)
You have the option of creating a user ID that is QSECOFR for internal use by the server to proxy the authority of QSECOFR. We call this the Server system ID (iserver). The ID can be an account that is never used for logging in. You might wish to create an iserver ID if, for example, you do not want certain server processes to appear as owned by QSECOFR.
To create iserver, issue the following command
CRTUSRPRF USRPRF(id) PASSWORD(*NONE) USRCLS(*SECADM) TEXT('Server System Security ID') SPCAUT(*SECADM *ALLOBJ *JOBCTL)
Is the name of the actual iserver ID.