IBM Support

OA66067: NEW FUNCTION - SUPPORT FOR STRONGER ENCRYPTION OPTIONS FOR RACF PASSWORD AND PASSWORD PHRASE ENVELOPES

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as new function.

Error description

  • NEW FUNCTION

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: Installations that use RACF password         *
*                 and password phrase enveloping.              *
****************************************************************
* PROBLEM DESCRIPTION: RACF password and password phrase       *
*                      enveloping allows installations to      *
*                      detect RACF password and password       *
*                      phrase changes and create an encrypted  *
*                      version to sync with other systems.     *
*                      RACF password and password phrase       *
*                      enveloping does not support the AES     *
*                      encryption and SHA2 signing algorithms. *
****************************************************************
RACF password and password phrase enveloping is enhanced to
support the AES encryption and SHA2 signing algorithms.

The new signing hash algorithms are:
* x509_alg_sha512Digest
* x509_alg_sha384Digest
* x509_alg_sha256Digest

The new encryption algorithm is:
* x509_alg_aesCbc256

    



Problem conclusion


    

  • 



Temporary fix


    

  • 



Comments


    

  • ---------------------------------------------------------------
The following publications have been updated:
SA232289xx z/OS Security Server RACF Security Administrator's
           Guide
For the specific topics that are updated, see the
'summary of changes' section for the publication.

    



APAR Information




    

  • APAR number
    OA66067
    • 

  • Reported component name
    RACF
    • 

  • Reported component ID
    5752XXH00
    • 

  • Reported release
    7E0
    • 

  • Status
    CLOSED  UR1
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    YesSpecatt / New Function / Xsystem
    • 

  • Submitted date
    2024-01-29
    • 

  • Closed date
    2024-06-06
    • 

  • Last modified date
    2024-07-29
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UJ95380
    

    • 



Modules/Macros


    

  • IRRLOG00 IRRLOG01 IRRPWC00

    




Publications Referenced


SA232289xx    





Fix information


    

  • Fixed component name
    RACF
    • 

  • Fixed component ID
    5752XXH00
    • 



Applicable component levels


    

  • R7E0  PSY  UJ95380
       UP24/06/26  P  F406   
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU011","label":"Systems - zSystems software"},"Product":{"code":"SG19O"},"Platform":[{"code":"PF054","label":"z Systems"}],"Version":"7E0"}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            30 July 2024
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback