Direct links to fixes
6.1.0-TIV-BSM-FP0004-zlinux
6.1.0-TIV-BSM-FP0004-windows
6.1.0-TIV-BSM-FP0004-solaris
6.1.0-TIV-BSM-FP0004-linux
6.1.0-TIV-BSM-FP0004-aix
6.1.0-TIV-NCI-FP0004-zlinux
6.1.0-TIV-NCI-FP0004-windows
6.1.0-TIV-NCI-FP0004-solaris
6.1.0-TIV-NCI-FP0004-aix
6.1.0-TIV-NCI-FP0004-linux
6.1.1-TIV-BSM-FP0004-windows
6.1.1-TIV-BSM-FP0004-zlinux
6.1.1-TIV-BSM-FP0004-solaris
6.1.1-TIV-BSM-FP0004-linux
6.1.1-TIV-BSM-FP0004-aix
6.1.1-TIV-NCI-FP0004-windows
6.1.1-TIV-NCI-FP0004-zlinux
6.1.1-TIV-NCI-FP0004-solaris
6.1.1-TIV-NCI-FP0004-aix
6.1.1-TIV-NCI-FP0004-linux
5.1.1-TIV-NCI-FP0003-Linux
5.1.1-TIV-NCI-FP0003-HPUX
5.1.1-TIV-NCI-FP0003-win
5.1.1-TIV-NCI-FP0003-Solaris
5.1.1-TIV-NCI-FP0003-Linuxs390
5.1.1-TIV-NCI-FP0003-aix
6.1.1-TIV-BSM-FP0002-windows
6.1.1-TIV-BSM-FP0002-zlinux
6.1.1-TIV-BSM-FP0002-solaris
6.1.1-TIV-BSM-FP0002-aix
6.1.1-TIV-BSM-FP0002-linux
IBM Tivoli Netcool/Impact V5.1.1 Fix Pack 3 (5.1.1-TIV-NCI-FP0003)
IBM Tivoli Netcool/Impact V6.1.1 Fix Pack 4 (6.1.1-TIV-NCI-FP0004)
IBM Tivoli Business Service Manager V6.1.1 Fix Pack 4(6.1.1-TIV-BSM-FP0004)
IBM Tivoli Netcool/Impact V6.1.0 Fix Pack 4(6.1.0-TIV-NCI-FP0004)
IBM Tivoli Business Service Manager V6.1.0 Fix Pack 4(6.1.0-TIV-BSM-FP0004)
IBM Tivoli Netcool/Impact V6.1.0 Fix Pack 4(6.1.0-TIV-NCI-FP0004)
IBM Tivoli Netcool/Impact V6.1.1 Fix Pack 5 (6.1.1-TIV-NCI-FP0005)
IBM Tivoli Business Service Manager V6.1.1 Fix Pack 5(6.1.1-TIV-BSM-FP0005)
APAR status
Closed as program error.
Error description
impact.objectserver.securepassword in <servername>_server.props should be a means of connecting to an object server via a secure method. This works well enough generally if an object server is in SecureMode and nco_g_crypt can be used to encrypt the password, but if an object server is running secure using FIPS as the algorithm then nco_g_crypt does not meet the FIPS standard and the password will be rejected. Other potential options such as nco_aes_crypt or nci_crypt also fail, possibly because the password generated is too long. Impact appears to be treating the password value as unencrypted. If the actual plain text password is used for impact.objectserver.securepassword, rather than trying to encrypt it, the connection works fine with FIPS, but this creates a security risk.
Local fix
Use the unencrypted password and tighten the file permissions on <servername>_server.props. Alternatively don't use FIPS.
Problem summary
**************************************************************** * USERS AFFECTED: * * All Impact Users * **************************************************************** * PROBLEM DESCRIPTION: * * NO MEANS OF ENCRYPTING IMPACT.OBJECTSERVER.SECUREPASSWORD * * THAT * * WILL ALLOW AUTHENTICATION TO AN OBJECT SERVER USING FIPS. * **************************************************************** * RECOMMENDATION: * **************************************************************** The Secure Password is saved as plain text instead of encrypted.
Problem conclusion
Changed the property to require the password to be encrypted. The fix for this APAR is contained in the following maintenance packages: |Fix Pack|5.1.1-TIV-NCI-FP0003 |Fix Pack|6.1.0-TIV-NCI-FP0003 |Fix Pack|6.1.1-TIV-NCI-FP0002
Temporary fix
Comments
APAR Information
APAR number
IV59920
Reported component name
NETCOOL/IMPACT
Reported component ID
5724O59IS
Reported release
511
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2014-04-29
Closed date
2014-06-27
Last modified date
2015-02-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
UNKNOWN
Fix information
Fixed component name
NETCOOL/IMPACT
Fixed component ID
5724O59IS
Applicable component levels
R511 PSY
UP
R610 PSY
UP
R611 PSY
UP
Document Information
Modified date:
03 February 2015