IBM Support

IT02774: WMQ FILE TRANSFER EDITION 7.0.4: ENABLE 'KEYBOARD-INTERACTIVE'MODE WHEN USING PASSWORD AUTHENTICATION.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • This APAR adds support to the WebSphere MQ File Transfer Edition
    7.0.4 Bridge Agent for
    connections to a SFTP file server using password authentication
    when the
    SFTP file server only accepts the 'keyboard-interactive'
    authentication method.
    

Local fix

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    This new function is applicable to all users of the WebSphere MQ
    File Transfer Edition protocol bridge agent who transfer files
    to and/or from an SFTP file server that accepts only the
    'keyboard-interactive' authentication method.
    
    
    Platforms affected:
    MultiPlatform
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    The WebSphere MQ File Transfer Edition (FTE) protocol bridge
    agent could only connect to SFTP file servers that authenticated
    the connection attempt using either username/password
    credentials or username/private key credentials.
    
    When the WebSphere MQ FTE protocol bridge agent attempted to
    connect to an SFTP file server that accepted only
    keyboard-interactive as the authentication method, then the
    protocol bridge agent was unable to connect to the SFTP file
    server. As a result, file transfers to and from this SFTP file
    server failed.
    

Problem conclusion

  • The protocol bridge agent uses the JSch, third-party library, to
    connect to SFTP file servers. This APAR has updated the
    WebSphere MQ File Transfer Edition protocol bridge agent code
    used to configure the JSch library such that it will now attempt
    to authenticate with an SFTP file server using the
    'keyboard-interactive' method when no private key is specified
    in the ProtocolBridgeCredentials.xml file.
    
    Authentication using the 'keyboard-interactive' method will only
    work if the SFTP file server prompts for the password using the
    string "password:" (in either upper, lower or mixed case). In
    the case where the 'keyboard-interactive' authentication method
    is used and the SFTP file server responds with a string
    different to "password:", the connection attempt fails.
    
    When the SFTP file server responds to the initial connection
    attempt with this string, the protocol bridge agent via the JSch
    library will send the password configured in the
    "serverPassword" attribute of the "user" element within the
    ProtocolBridgeCredentials.xml file.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v7.0       7.0.4.5
    v7.5       7.5.0.5
    v8.0       8.0.0.2
    
    The latest available FTE maintenance can be obtained from
    'Fix List for WebSphere MQ File Transfer Edition 7.0'
    http://www-01.ibm.com/support/docview.wss?uid=swg27015313
    
    The latest available MQ maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT02774

  • Reported component name

    WMQ FILE TRANSF

  • Reported component ID

    5724R1000

  • Reported release

    704

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-06-27

  • Closed date

    2014-10-13

  • Last modified date

    2014-10-13

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WMQ FILE TRANSF

  • Fixed component ID

    5724R1000

Applicable component levels

  • R704 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEP7X","label":"WebSphere MQ File Transfer Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0.4","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
13 October 2014