IBM Support

OA50610: WHEN RECREATING A USERID FROM RA.U USING CKGRACF, NOPASSWORD IS INCORRECTLY USED.

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • USER <user> PWSET NOPASSWORD NONEXPIRED was attempted with a
    user that had no password phrase. This is not allowed anymore.
    

Local fix

  • Manually editing the CKGRACF generated CARLa.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Admin exploiting the        *
    *                 'RECREATE USER' action that uses the CKGRACF *
    *                 function in interactive mode (interactive    *
    *                 option RA.U, action character 'R' against a  *
    *                 profile).                                    *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Admin might generate an         *
    *                      incorrect CKGRACF command while         *
    *                      performing a 'RECREATE USER' action.    *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    When the 'R' (RECREATE) action character is applied to a user
    profile and the corresponding user has no password and is not
    protected, the zSecure Admin generates an incorrect CKGRACF
    command (if the option 'Use CKGRACF to update the user profile'
    is used) that fails when executed.
    

Problem conclusion

  • The zSecure Admin and the CKGRACF component have been modified
    to perform the 'RECREATE USER' action correctly. Please note the
    documentation changes as provided by the APAR tracking comment
    data.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA50610

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    211

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    YesSpecatt / New Function / Xsystem

  • Submitted date

    2016-05-27

  • Closed date

    2016-10-10

  • Last modified date

    2016-11-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA83005 UA83006

Modules/Macros

  •    CKGCHK   CKGCVOP  CKGINC   CKGINP   CKGINPC
    CKGINPU  CKGLCMD  CKGLIST  CKGMAIN  CKGPCMD  CKGPWDC  CKGTERM
    CKGTSO   CKGUSRD  CKGXRUS  CKRXRUS
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R211 PSY UA83005

       UP16/10/14 P F610

  • R220 PSY UA83006

       UP16/10/14 P F610

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSCE68R","label":"zSecure Admin"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"211","Edition":""}]

Document Information

Modified date:
02 November 2016