IBM Support

OA51035: USING P ACTION CHARACTER IN RA.U TO SET RANDOM PASSWORD SETS A LEGACY PASSWORD WHEN KDFAES ENABLED

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • With KDFAES set in SETROPTS, go into Option RA.U and choose a
    user
    Enter a P next to the user to set the password
    Use option 1 (password) and 6 (Random) - other options not
    needed
    When the CKGRACF command is issued (ckgracf user CRMBAB3 pwset
    random password),
    Check the setting in the user's information (RA.U and S next to
    user ID)
    
    The information that is shown indicates a legacy password
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Admin managing user         *
    *                 passwords with RACF KDFAES password          *
    *                 encryption enabled.                          *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Admin sets a legacy password    *
    *                      when the 'P' action character against   *
    *                      a user profile is used to set a random  *
    *                      password (interactive mode) or the      *
    *                      CKGRACF USER PWSET RANDOM command is    *
    *                      used and the RACF KDFAES password       *
    *                      encryption option is set.               *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    When the 'P' (Change password or phrase and resume) action
    character is used to a user profile in interactive mode to
    set a random password or the CKGRACF USER PWSET RANDOM command
    is invoked, and the KDFAES RACF password encryption algorithm
    is enabled, the zSecure Admin sets a legacy password.
    

Problem conclusion

  • The zSecure CKGRACF component has been modified so that the
    CKGRACF USER ... PWSET RANDOM  PHRASE  sets a non-legacy
    password  phrase  when the KDFAES RACF password encryption
    algorithm is in effect. Please note the documentation changes as
    provided by the APAR tracking comment data.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA51035

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    211

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-08-04

  • Closed date

    2016-09-14

  • Last modified date

    2016-10-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA82782 UA82783 UA82784

Modules/Macros

  •    CKGPCMD
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R210 PSY UA82782

       UP16/09/15 P F609

  • R211 PSY UA82783

       UP16/09/15 P F609

  • R220 PSY UA82784

       UP16/09/15 P F609

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSCE68R","label":"zSecure Admin"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"211","Edition":""}]

Document Information

Modified date:
04 October 2016