IBM Support

IT17772: MQ 8 MFT PLUGIN EXPLORER: DOES NOT HANDLE PASSWORDS LONGER THAN12 CHARACTERS IF MQCSP AUTHENTICATION ON

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • The IBM MQ 8.0 MFT plugin for MQ Explorer does not handle
    passwords longer than 12 characters, if the MQCSP
    Authentication Mode has been enabled.
    

Local fix

  • Use passwords that are 12 characters in length or shorter.
    

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    This issue affects two categories of users.
    
    Category 1:
    Users of:
     - IBM MQ Explorer V9
     - IBM MQ Explorer V8
     who use the MQ Explorer Managed File Transfer Plugin.
    
    Category 2:
    Users of:
     - The IBM MQ V9 Managed File Transfer component
     - The IBM MQ V8 Managed File Transfer component
    who have agents that connect to a queue manager using the CLIENT
    transport and specify a password.
    
    
    Platforms affected:
    MultiPlatform
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    The common Managed File Transfer (MFT) code which was used by
    both the MQ Explorer and MFT agents failed to authenticate with
    a 2035 reason code (MQRC_NOT_AUTHORIZED) when connecting to a
    coordination/command queue manager. This happened in the
    following scenarios:
     	- Using MQ Explorer MFT Plugin when the user got prompted
    for a password and provided a password which  was greater than
    12 characters in length.
     	- Using the MQ Explorer MFT Plugin and the
    MFTCredentials.xml to supply the credentials. The file contained
    a password greater than 12 characters in length.
     	- When an MFT agent connected to the queue manager using
    the CLIENT transport mode. In order to establish this
    connection, credentials were required, which are specified in
    the MFTCredentails.xml. If the password specified in the file
    was greater than 12 characters in length, the agent failed to
    authenticate with the queue manager.
     	
    The problem was that the common MFT code did not use MQCSP
    authentication, but rather authenticated using "compatibility
    mode" which limits the password to 12 characters in length.
    

Problem conclusion

  • The common MFT code as well as the MFT agent and MQ Explorer
    code has been updated so that the user now can enable MQCSP
    Authentication mode (disabling the default compatibility mode).
    This can be done in the following ways:
    
    - In the MQ Explorer:
        - Select the queue manager you want to connect to.
        - Right click, and select Connection Details->Properties
    from the pop up menu.
        - Click on the Userid tab.
        - Ensure "Enable user identification" is selected, and
    unselect the "User identification compatibility mode" checkbox.
    
    - For MFT agents, add a new parameter, "useMQCSPAutentication".
    to the MFTCredentials.xml file for the relavant user. The
    parameter has to be set to true. If the parameter is not there
    it will by default be set to false and use compatibility mode to
    authenticate the user with the queue manager.
    
    Here is an example entry to show how to set the
    useMQCSPAuthentication parameter in the MFTCredentials.xml file:
    &#09; <tns:qmgr name="CoordQueueMgr" user="ernest"
    mqUserId="ernest" mqPassword="AveryL0ngPassw0rd2135"
    useMQCSPAuthentication="true"/>
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v8.0       8.0.0.7
    v9.0 CD    9.0.3
    v9.0 LTS   9.0.0.2
    
    The latest available FTE maintenance can be obtained from
    'Fix List for WebSphere MQ File Transfer Edition 7.0'
    http://www-01.ibm.com/support/docview.wss?uid=swg27015313
    
    The latest available MQ maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT17772

  • Reported component name

    WMQ MFT V8.0

  • Reported component ID

    5724H7252

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-11-02

  • Closed date

    2017-03-27

  • Last modified date

    2017-03-27

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WMQ MFT V8.0

  • Fixed component ID

    5724H7252

Applicable component levels

  • R800 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
27 March 2017