A fix is available
APAR status
Closed as program error.
Error description
New functionality is implemented to improve security between QM components: CAE Server, CAE Agents and CQM ISPF clients. Three enhancements are implemented to archive this goal: 1. All data between CAE Server and CAE Agents may be encrypted using AT-TLS rather than using an application-based encryption. 2. CQM ISPF client connects to local CAE Agent port rather than directly to CAE Server. 3. Added support for users that have enabled Multi Factor Authentication.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of IBM Db2 Query Monitor z/OS. * **************************************************************** * PROBLEM DESCRIPTION: Security improvements for CAE Server * * and Agent. * **************************************************************** * RECOMMENDATION: APPLY the PTF. * **************************************************************** APAR adds new functionality to CAE Server and CAE Agent to support pass-phrase. **************************************************************** * Known issues/limitations * **************************************************************** 1.Although special characters in password/pass-phrase are more secure and harder to guess they might cause issues for JDBC connections which CAE server establishes to Db2 for z/OS (like '|' vertical bar). More information can be found in the following documentation: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/ com.ibm.zos.v2r3.icha700/ascp.htm 2. By default CAE Server uses CCSID 500 for all data encoding between CAE server and z/OS including password/pass-phrase. This means that during initial login password/pass-phrase will be decoded with CCSID 500 and sent to RACF for authentication. This could cause issues if the password/pass-phrase contains special characters which have different representations in different code pages and was created in another CCSID. In this case the following java option can be specified during CAE startup to change the default CCSID (value can be any which is supported by JRE):
Problem conclusion
APAR adds new functionality to CAE Server and CAE Agent to support pass-phrase. It also changes the Data sharing behavior in ISPF such that ISPF cannot connect to CAE Server directly and will work via CAE Agent only. Search Keywords: PASS-PHRASE CAE SERVER AGENT
Temporary fix
Comments
APAR Information
APAR number
PH10478
Reported component name
DB2 QUERY MONIT
Reported component ID
5655E6701
Reported release
330
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-04-01
Closed date
2019-04-04
Last modified date
2019-05-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI62338
Modules/Macros
CQM#CTLF CQM#INIX CQM#IVCV CQM#LCSX CQM#PARM CQM#PCIX CQM#QSQL CQM$$DSC CQM$ABND CQM$ACTV CQM$CALL CQM$DELY CQM$FLTC CQM$HSTV CQM$INTV CQM$MAIN CQM$QLCA CQM$QRPT CQM$SLIP CQM$SM01 CQM$SM02 CQM$SMKY CQM$SQC2 CQM$SQC3 CQM$SQCD CQM$SQCE CQM$SQCS CQM$SQLT CQM$TEXT CQM$XQVE CQM$YLOG CQM$YXLG CQM$ZCMD CQM@LIDA CQMCAE CQMCAEAP CQMCAEPT CQMCAESV CQMCPRMS CQMCPXPT CQMDISCO CQMHDSCD CQMMINIX CQMMQAPX CQMMSTR CQMPARMS CQMPARSE
Fix information
Fixed component name
DB2 QUERY MONIT
Fixed component ID
5655E6701
Applicable component levels
R330 PSY UI62338
UP19/04/10 P F904
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSZJXP","label":"DB2 Tools for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.3.0"}]
Document Information
Modified date:
18 March 2021