A fix is available
APAR status
Closed as new function.
Error description
New Function
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of z/OS TSO/E. * **************************************************************** * PROBLEM DESCRIPTION: This support provides the ability * * to inhibit all user information prior * * to the successful input of a valid * * password. * **************************************************************** * RECOMMENDATION: * **************************************************************** Information regarding a TSO/E user may be presented via the logon panel prior to the password being entered.
Problem conclusion
Temporary fix
Comments
A new option has been added to TSO/E Logon processing that an installation can activate which will require a user to successfully enter both a valid TSO/E User ID as well as the password before having any interaction with the system or access to any user information. By having PASSWORDPREPROMPT(ON) specified on the LOGON statement of IKJTSOxx the user will be prompted for the password, which must be correct, before the full panel (with user attributes visible) is presented. Documentation changes associated with this new function are: **************************************************************** * FUNCTION AFFECTED: TSO/E (OA44855) * * Commands * **************************************************************** * DESCRIPTION : Documentation updates * **************************************************************** * TIMING : As Needed * **************************************************************** +==============================================+ = z/OS MVS Initialization and Tuning Reference = +==============================================+ - IKJTSOxx - add new system setting under the LOGON keyword | PASSWORDPREPROMPT(ON|OFF) | Specifies whether the user will be prompted to enter both | the User ID and password prior to the presentation of any | other information. | Warning: TSO/E Logon Exits may need to be updated before | activating PASSWORDPREPROMPT. Exit processing that affects | the TSO/E User ID or password may not work as expected. +==============================+ = z/OS TSO/E Command Reference = +==============================+ - LOGON command, section Full-Screen LOGON versus line mode LOGON If you enter more parameters than user_id on the LOGON command, TSO/E accepts and processes them with the | exception of the new password field. - LOGON command, section Full-Screen LOGON processing After you have issued a LOGON command the full-screen logon command processing performs the following: | o If your installation has PasswordPreprompt active | there will be a line mode prompt for password and if either | User ID and password are incorrect the system responds with | message Userid or Password not authorized and terminates. o It displays a menu with the previous session's logon param- eter values. Logon command parameters entered on the LOGON command override any default values from the previous session. | o If not previously entered, it requests a password. If you enter a not valid password, the system will prompt you to re-enter it after you have pressed the Enter key. +==========================+ = z/OS TSO/E Customization = +==========================+ - Add a new section to Chapter 8. Customizing the logon and logoff process | Activating PasswordPrePrompt support | To provide additional security to the installation by | requiring the user to provide both the user ID and password | before allowing any additional access, follow these steps: | 1. Set the PASSWORDPREPROMPT parameter on the LOGON state- | ment in the SYS1.PARMLIB member IKJTSOxx to (ON). | 2. Use the MVS SET IKJTSO=xx or TSO/E PARMLIB UPDATE(xx) | command to update the system setting. | This forces the user to provide both the user ID and the | password before further processing can occur. If either item | is incorrect then message USERID OR PASSWORD NOT AUTHORIZED is | issued. | Warning: TSO/E Logon Exits may need to be updated before | activating PASSWORDPREPROMPT. Exit processing that affects | the TSO/E User ID or password may not work as expected. - Update Logon pre-display exit IKJEFLN1 The pre-display exit, IKJEFLN1, receives control just before | the logon panel is displayed to the TSO/E user, and if | PasswordPrePrompt is active,just after the password has been | accepted. This exit receives control each time the panel | is redisplayed to the TSO/E user. - Update the description of User ID under Parameter Descriptions for IKJEFLN1 User ID This parameter contains the user ID that was specified by the user in the LOGON command. You can change the user ID parameter using this exit. The maximum length of the data | is 7 bytes. Note that if PasswordPrePrompt is active the | User ID will already be validated and cannot be updated. - Update the description of Password under Parameter Descriptions for IKJEFLN1 Password | Upon initial invocation of IKJEFLN1 (and PasswordPrePrompt | is not active), this parameter does not contain any data. . . . | Note that if PasswordPrePrompt is active the Password will | already be validated and cannot be updated. - Update the description of Re-prompt under Parameter Descriptions for IKJEFLN2 If you wish to re-prompt a TSO/E user for a field, you must set this bit on. The Re-prompt Code parameter (parameter 15) describes the field for which the re-prompt is necessary. | Note that requesting a re-prompt for an already validated | field will cause a system ABEND. - Update the description of User ID under Parameter Descriptions for IKJEFLN2 User ID This parameter contains the user ID that was specified by the user in the LOGON command. You can change the user ID parameter using this parameter. The maximum length of the | data is 7 bytes. Note that if PasswordPrePrompt is active | the User ID will already be validated and cannot be updated. - Update the description of Password under Parameter Descriptions for IKJEFLN2 Password . . . | Note that if PasswordPrePrompt is active the Password will | already be validated and cannot be updated. +=====================+ = z/OS TSO/E Messages = +=====================+ - new message IKJ56474I | IKJ56474I USERID OR PASSWORD IS INCORRECT OR NOT AUTHORIZED | Explanation: The logon information that was provided was | not valid. | System action: The logon failed and the command is | terminated. | User response: Reissue the command with valid logon . | information for the user. | Module: IKJEFLEA, IKJEFLE3 | Program: LOGON | IKJ56475I PRE-PROMPT PROCESSING FAILED | Explanation: An error was encountered while verifying | the userid and password. | System action: The logon failed and the command is | terminated. | User response: Reissue the command with valid logon . | information for the user. If the problem | recurs, contact your TSO/E administrator. | Module: IKJEFLEA, IKJEFLE3 | Program: LOGON | IKJ56476I ENTER PASSWORD: | Explanation: A password has not yet been entered. | User response: Enter a valid password. . | Module: IKJEFLEA | Program: LOGON +=========================================+ = z/OS TSO/E System Diagnosis: Data Areas = +=========================================+ IKJTPVT Map - add TPVT_LGPC 76 (4C) BITSTRING TPVT_LOCAL_FLAGS 1111 .... * .... 1... TPVT_PHRS .... .1.. TPVT_APPL .... ..1. TPVT_LGNH | .... ...1 TPVT_LGPC PASSWORDPREPROMPT flag for | PARMLIB processing TPVT_LGNH 4C 02 | TPVT_LGPC 4C 01 TPVT_LOCAL_FLAGS0 4C IKJTSVT Map - add TSVTLGPC add to FLAG INDICATORS FOR TSVTFLG1 | .... ...1 TSVTLGPC "X'01'" PASSWORDPREPROMPT support | is active TSVTLGNH 128 2 | TSVTLGPC 128 1 TPVTLMOD 67 +=========================================+ = z/OS TSO/E User's Guide = +=========================================+ Section: Full-Screen Logon for a RACF-Defined User Add a Note: If PasswordPrePrompt is active, you will be prompted for your password prior to the display of the full-screen panel.
APAR Information
APAR number
OA44855
Reported component name
TSO/E SCHEDULAR
Reported component ID
566528502
Reported release
780
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / New Function / Xsystem
Submitted date
2014-03-24
Closed date
2015-08-25
Last modified date
2015-10-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UA78744 UA78745 UA78746
Modules/Macros
IKJEFLE IKJEFLEA IKJEFLE3 IKJEFLGN IKJEFLNL IKJEFLPL IKJEFLPU IKJEFRAF IKJEFXSR IKJMSP00 IKJPRMLB IKJPRMUP IKJTSVT
| SA227782XX | SA320975XX | SA227783XX | SA320976XX | SA227786XX |
| SA320970XX | GA227792XX | GA320983XX | SA227592XX | SA231380XX |
| SA227794XX | SA320971XX |
Fix information
Fixed component name
TSO/E SCHEDULAR
Fixed component ID
566528502
Applicable component levels
R7A0 PSY UA78746
UP15/09/09 P F509
R780 PSY UA78744
UP15/09/09 P F509
R790 PSY UA78745
UP15/09/09 P F509
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"780","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":null,"label":null},"Product":{"code":"SG19O","label":"APARs - MVS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"780","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
02 October 2015