IBM Support

IZ66833: AIX: EXTRA CHARACTER IN LL AUDIT RECORD FIELD

Fixes are available

Tivoli Access Manager for Operating Systems 6.0.0-TIV-PDO-FP0030
Tivoli Access Manager for Operating Systems 6.0.0-TIV-PDO-FP0023
Tivoli Access Manager for Operating Systems 6.0.0-TIV-PDO-IF0024

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When a TAMOS login policy is on and a user does not successfully
log into an AIX system that is using "CDE without graphical
boot" as the user interface,  an extra character is written at
the end of  the Login Location (LL) field.

Reproduction:
In smitty, change System Environments/Change System User
Interface.
Change "Select System Login User Interface" field to "CDE 1.0
without graphical boot".
Reboot the system
Start TAMOS (if not already autostarted)
turn logindeny and loginpermit auditing on (pdosctl -a
loginpermit,logindeny)
Login to system using Xwindows client (using cygwin/X from a
cygwin/bash shell:  Xwin :0 -query <systemname>)
Run pdosaudview

Audit log:
*** START OF NEW RECORD ***

Timestamp                              Tue Dec 15 10:40:33
CST 2009
Audit Event                            A login related auth
orization decision was made.
Audit View                             Deny
Audit Reason                           Global Audit
Audit Resource Type                    Login
Accessor Name                          root
Accessor Effective Name                root
Audit Action                           Login
Audit Qualifier                        Login denied by nati
ve authentication method.
Protected Object Name                  /usr/dt/bin/dtlogin
Login Location Identifier              /dev/consoled
Accessor Process ID                    299218
Running Program Protected Name         /usr/dt/bin/dtlogin
Running Program System Resource Name   /usr/dt/bin/dtlogin
Audit Outcome                          Success
Audit Uniqifier                        0

Local fix

  • 



Problem summary


    

  • AIX.  Unsuccessful login using CDE without graphical interface
an extra character is written a the end of the Login Location
(LL) field.

    



Problem conclusion


    

  • |fixpack|6.0.0-TIV-PDO-FP0023

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IZ66833
    • 

  • Reported component name
    ACCESS MGR OS
    • 

  • Reported component ID
    5698PDO00
    • 

  • Reported release
    600
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2009-12-15
    • 

  • Closed date
    2010-01-28
    • 

  • Last modified date
    2010-01-28
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    ACCESS MGR OS
    • 

  • Fixed component ID
    5698PDO00
    • 



Applicable component levels


    

  • R600  PSY
       UP
    • 

  • R510  PSN
       UP
    • 








      
              
                            

              

              [{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTFW4","label":"Tivoli Access Manager for Operating Systems"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"600"}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            05 October 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback