A fix is available
APAR status
Closed as program error.
Error description
When using CHLAUTH and WARN=YES is specified on a SVRCONN channel, a security violation may occur putting a message to SYSTEM.ADMIN.CHANNEL.EVENT queue. When a second conversation using the same channel starts, and attempts to put an event message to SYSTEM.ADMIN.CHANNEL.EVENT, because the XPWA now contains the channel's MCAUSER, this is used when opening the event queue, rather than the user the channel initiator is running under.
Local fix
The problem can be avoided by setting SHARECNV(1) on the channel, so that no conversation sharing takes place.
Problem summary
**************************************************************** * USERS AFFECTED: All users of WebSphere MQ for z/OS Version 7 * * Release 1 Modification 0. * **************************************************************** * PROBLEM DESCRIPTION: ICH408I is issued when a CHLAUTH event * * message is generated by a multiplexed * * svrconn channel, and no event message * * is put to SYSTEM.ADMIN.CHANNEL.EVENT * * The ICH408I shows the MCAUSER was * * used when putting the event message. * **************************************************************** * RECOMMENDATION: * **************************************************************** When generating an event message as the result of a CHLAUTH rule matching, the event message should be put to SYSTEM.ADMIN.CHANNEL.EVENT using the channel initiator's user id, which should have sufficient authority to put to this queue. However, when multiple conversations share an instance of a svrconn channel (i.e. SHARECONV > 1), event messages generated by the second and subsequent conversations incorrectly use the channel MCAUSER when putting to the event queue.
Problem conclusion
rsiEvent is changed to put CHLAUTH event messages to SYSTEM.ADMIN.CHANNEL.EVENT using the channel initiator's userid when multiple conversations are sharing a channel. 100Y CMQXREVN
Temporary fix
Comments
APAR Information
APAR number
PI18232
Reported component name
WMQ Z/OS V7
Reported component ID
5655R3600
Reported release
100
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2014-05-20
Closed date
2014-07-22
Last modified date
2014-09-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI19158
Modules/Macros
CMQXREVN
Fix information
Fixed component name
WMQ Z/OS V7
Fixed component ID
5655R3600
Applicable component levels
R100 PSY UI19158
UP14/08/30 P F408
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
03 September 2014