IBM Support

PI18232: WMQ V710 - MESSAGE ICH408I MAY BE ISSUED IF THE CHLAUTH IS USED AND WARN=YES IS SET ON A SVRCONN CHANNEL.

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When using CHLAUTH and WARN=YES is specified on a SVRCONN
    channel, a security violation may occur putting a message
    to SYSTEM.ADMIN.CHANNEL.EVENT queue.
    
    When a second conversation using the same channel starts,
    and attempts to put an event message to
    SYSTEM.ADMIN.CHANNEL.EVENT, because the XPWA now contains
    the channel's MCAUSER, this is used when opening the event
    queue, rather than the user the channel initiator is running
    under.
    

Local fix

  • The problem can be avoided by setting SHARECNV(1) on the
    channel, so that no conversation sharing takes place.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All users of WebSphere MQ for z/OS Version 7 *
    *                 Release 1 Modification 0.                    *
    ****************************************************************
    * PROBLEM DESCRIPTION: ICH408I is issued when a CHLAUTH event  *
    *                      message is generated by a multiplexed   *
    *                      svrconn channel, and no event message   *
    *                      is put to SYSTEM.ADMIN.CHANNEL.EVENT    *
    *                      The ICH408I shows the MCAUSER was       *
    *                      used when putting the event message.    *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When generating an event message as the result of a CHLAUTH rule
    matching, the event message should be put to
    SYSTEM.ADMIN.CHANNEL.EVENT using the channel initiator's user
    id, which should have sufficient authority to put to this queue.
    However, when multiple conversations share an instance of a
    svrconn channel (i.e. SHARECONV > 1), event messages generated
    by the second and subsequent conversations incorrectly use the
    channel MCAUSER when putting to the event queue.
    

Problem conclusion

  • rsiEvent is changed to put CHLAUTH event messages to
    SYSTEM.ADMIN.CHANNEL.EVENT using the channel initiator's userid
    when multiple conversations are sharing a channel.
    100Y
    CMQXREVN
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI18232

  • Reported component name

    WMQ Z/OS V7

  • Reported component ID

    5655R3600

  • Reported release

    100

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2014-05-20

  • Closed date

    2014-07-22

  • Last modified date

    2014-09-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UI19158

Modules/Macros

  • CMQXREVN
    

Fix information

  • Fixed component name

    WMQ Z/OS V7

  • Fixed component ID

    5655R3600

Applicable component levels

  • R100 PSY UI19158

       UP14/08/30 P F408

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.1","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
03 September 2014