Fixes are available
APAR status
Closed as program error.
Error description
In RDz v9.0.0, the user has created a user certificate with HostIdMappings certificate extension defined to RACF. The client can login using this certificate instead of userid and password. If the admin revokes the certificate, and adds to the CRL, it is expected that the client will not be able to login. However, there is no check for the revocation and the login is successful. This is a potential security exposure.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: 01.All RDz users who login by certificates * **************************************************************** * PROBLEM DESCRIPTION: 01.User can login using revoked * * certificate * **************************************************************** * RECOMMENDATION: * **************************************************************** 01.A user can login using a revoked certificate via "Remote daemon" z/OS connection with certificate authentication method.
Problem conclusion
01.The code is updated to check the CRL on a LDAP server in a remote daemon connection.
Temporary fix
Comments
APAR Information
APAR number
PI23733
Reported component name
RATL DEV FOR SY
Reported component ID
5724T0700
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2014-08-12
Closed date
2015-06-04
Last modified date
2015-06-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
FEKFZOS
Fix information
Fixed component name
RD/Z HOST
Fixed component ID
5724T0723
Applicable component levels
R900 PSY UI28242
UP15/06/08 I 1000
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSJK49","label":"IBM Developer for z Systems"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
14 December 2020