IBM Support

PI56774: ENHANCE VERIFY TOKEN TO SUPPORT MUTUAL AUTHENTICATION

A fix is available

APAR status

  • Closed as new function.

Error description

  • Enhance the VERIFY TOKEN API to support mutual authentication.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * CICS application development staff who require to use        *
    * Kerberos mutual authentication.                              *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * When a system supplies a Kerberos token to a CICS TS region  *
    * that calls EXEC CICS VERIFY TOKEN() KERBEROS,                *
    * that system cannot authenticate the CICS TS region by        *
    * Kerberos mutual authentication.                              *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * .                                                            *
    ****************************************************************
    If a system generates a Kerberos token and transmits it to a
    CICS TS region, on arrival the Kerberos token can be used
    to authenticate that system with the EXEC CICS VERIFY TOKEN()
    KERBEROS application programming interface command.
    
    However, there is no way for the system that generates the
    Kerberos token to authenticate the CICS TS region.
    

Problem conclusion

  • The EXEC CICS VERIFY TOKEN() KERBEROS command is enhanced with
    the addition of options OUTTOKEN and OUTTOKENLEN.
    
    OUTTOKEN returns a Kerberos output token and OUTTOKENLEN returns
    its length. The CICS TS region can transmit this output token to
    the system that generated the original Kerberos token, which
    allows that system to authenticate the CICS TS region.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI56774

  • Reported component name

    CICS TS Z/OS V5

  • Reported component ID

    5655Y0400

  • Reported release

    000

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-02-08

  • Closed date

    2016-06-21

  • Last modified date

    2016-07-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UI38813 UI38814 UI38815 UI38816

Modules/Macros

  • DFHEISU@
    

Fix information

  • Fixed component name

    CICS TS Z/OS V5

  • Fixed component ID

    5655Y0400

Applicable component levels

  • R000 PSY UI38813

       UP16/07/01 P F606

  • R00D PSY UI38814

       UP16/07/01 P F606

  • R00M PSY UI38815

       UP16/07/01 P F606

  • R003 PSY UI38816

       UP16/07/01 P F606

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

Document Information

Modified date:
04 July 2016