IBM Support

OA49950: RA.U incorrectly INDICATES CERTIFICATE ANCHOR USER ID'S HAVE EXPIRED PASSWORDS AND LEGACY ENCRYPTION OF PASSWORD.

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The zSecure RA.U function indicates the certificate anchor ID's
    (irrcerta, irrsitec and irrmulti) have expired passwords, and
    legacy encryption for their passwords.  These user ID's are
    unusable, and therefore should not have either of these
    indicators set.
    

Local fix

  • Ignore RA.U displays of the certificate anchor user ID's.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Admin exploiting user       *
    *                 profile reports.                             *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Admin reports the password      *
    *                      related fields for the digital          *
    *                      certificate anchor user IDs             *
    *                      incorrectly.                            *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    The password/passphrase related fields like expiration (field
    PASSWORD_EXPIRED/PHRASE_EXPIRED), presence (HAS_PASSWORD/
    HAS_PHRASE), expiration date (PASSWORD_EXPIRE_DATE/
    PHRASE_EXPIRE_DATE), legacy (PWD_LEGACY/PHR_LEGACY) are reported
    incorrectly for the digital certificate anchor user IDs
    irrcerta, irrmulti, and irrsitec.
    

Problem conclusion

  • zSecure Admin has been modified so that the password/phrase
    related fields for the digital certificate anchor user IDs are
    reported as missing.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA49950

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    211

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-02-16

  • Closed date

    2016-06-07

  • Last modified date

    2016-07-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA81902 UA81903

Modules/Macros

  •    CKRCFS   CKRDANYP CKRDICB  CKRDTMPL CKRLINIT
    CKRLINI2 CKROUPUT CKRTMPIN
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R211 PSY UA81902

       UP16/06/09 P F606

  • R220 PSY UA81903

       UP16/06/09 P F606

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSCE68R","label":"zSecure Admin"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"211","Edition":""}]

Document Information

Modified date:
04 July 2016