IBM Support

PM66764: User can log into ClearCase CM Server on Linux with expired DES-encrypted password

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • In IBM Rational ClearCase 7.1.x a user may be able to log into a
    ClearCase Change Management (CM) Server hosted on a Linux server
    even though that user's local account password has expired.
    This has only been observed when the password is encrypted using
    DES in the /etc/shadow file. When another encryption method is
    used, the user will be presented with an error indicating a
    problem with the credentials:
    
    CRVAP0383E Logon failure: unknown user name or bad password.
    CRVSV0078E Error from RPC server: CRVSV0841E 'CRVSV0585E
    Attempted login failed: Unable to login: username or password is
    incorrectUnable to login: username or password is incorrect'.
    
    Steps to reproduce the issue:
    
    1) Encrypt user password using DES encryption (this can be done
    with OS settings or manually with chpasswd -c DES).
    2) Allow the password to expire (or manually expire it with
    chage -d 0).
    3) The user can still log into the CM Server with a ClearCase
    Remote Client (CCRC) without changing the password. Logging
    directly into the server will require a password change.
    
    Workarounds:
    It is possible to work around this issue by using another method
    of password encryption (such as: MD5, SHA512, Blowfish).
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    User can log into ClearCase CM Server on Linux with expired
    DES-encrypted password
    

Problem conclusion

  • A fix is available in ClearCase versions 7.1.2.8 and 8.0.0.4
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM66764

  • Reported component name

    CLEARCASE WIN

  • Reported component ID

    5724G2900

  • Reported release

    711

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-06-13

  • Closed date

    2012-09-26

  • Last modified date

    2012-09-26

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    CLEARCASE WIN

  • Fixed component ID

    5724G2900

Applicable component levels

  • R711 PSN

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSSH27","label":"Rational ClearCase"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.1.1","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
26 September 2012