A fix is available
APAR status
Closed as program error.
Error description
dsmc crashes when running in FIPS (Federal Information Processing Standard) enabled environments on Unix and Linux when PASSWORDACCESS GENERATE is specified in the dsm.sys file. Customer/L2 Diagnostics: Call stack: #0 0x00007ff7da5871d7 in raise () from /lib64/libc.so.6 #1 0x00007ff7da5888c8 in abort () from /lib64/libc.so.6 #2 0x00000000006c4f64 in psTrapHandler(int) () #3 <signal handler called> #4 0x00000000006bd0a6 in psCreateCryptoKey(unsigned char*, char*) () #5 0x0000000000bbee06 in psPasswordFile::readPassword (unsigned char, char*, char*, char const*, unsigned char*, bool) () #6 0x00000000006f78f3 in PasswordFile::getPassword (unsigned char, char*&, unsigned int*, char*, char const*, unsigned char*, bool) () #7 0x00000000006ee32f in pswdFGetPassword(Sess_o*) () #8 0x000000000061cf2c in scPswdEncrypt(Sess_o*, unsigned char*, unsigned int, unsigned char*, unsigned int*, unsigned char) () #9 0x000000000063ed02 in cuSignOnEnhanced(Sess_o*) () #10 0x00000000006213ac in scSignOnTheSession(Sess_o*) () #11 0x00000000006217ff in NegotiateSession(Sess_o*) () #12 0x000000000061e813 in OpenSess(Sess_o*, bool) () #13 0x0000000000621b90 in Logon(Sess_o*) () #14 0x0000000000623b1d in CheckSession(Sess_o*, sessLoadPolicy_t) () #15 0x0000000000433ea5 in dscInit(int, char**, cliType_t) () #16 0x0000000000434409 in dscmain(int, char**) () #17 0x0000000000430c2a in main () Note: The call stack is identical to APAR IC92662, but the problem is different. Initial Impact: Low IBM Spectrum Protect Versions Affected: All IBM Spectrum Protect client levels on Unix/Linux platforms. Additional Keywords: Federal Information Processing Standard, FIPS140-2, cipher, TSM
Local fix
Specify PASSWORDACCESS PROMPT in the dsm.sys file.
Problem summary
**************************************************************** * USERS AFFECTED: * * Spectrum Protect backup-archive client versions 7.1 and 8.1 * * on all Unix and Linux platforms. * **************************************************************** * PROBLEM DESCRIPTION: * * See ERROR DESCRIPTION. * **************************************************************** * RECOMMENDATION: * * Apply fixing level when available. This problem is projected * * to be fixed in levels 7.1.8 and 8.1.2. Note that this is * * subject to change at the discretion of IBM. * ****************************************************************
Problem conclusion
Although, as per the following technote (http://www-01.ibm.com/support/docview.wss?uid=swg21442342): " ... Tivoli Storage Manager does not use FIPS compliant encryption in the following functions: - Passwords stored by the client. ... " the backup-archive operations using "PASSWORDACCESS GENERATE" setting should not get a core dump while running in the FIPS-enabled operating system environment. Upon the fix, while running in the FIPS-enabled operating system environment, "PASSWORDACCESS PROMPT" setting will be forced.
Temporary fix
Comments
APAR Information
APAR number
IT19949
Reported component name
TSM CLIENT
Reported component ID
5698ISMCL
Reported release
71L
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-03-29
Closed date
2017-04-20
Last modified date
2017-04-20
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
dsmc
Fix information
Fixed component name
TSM CLIENT
Fixed component ID
5698ISMCL
Applicable component levels
R71A PSY
UP
R71H PSY
UP
R71L PSY
UP
R71S PSY
UP
R81A PSY
UP
R81H PSY
UP
R81L PSY
UP
R81S PSY
UP
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"71L","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
07 January 2022