A fix is available
APAR status
Closed as program error.
Error description
SAF macro support for RACF APAR OA50748.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: RACF users with OA50748 applied * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: * **************************************************************** This APAR provides SAF macro support for RACF APAR OA50748.
Problem conclusion
SAF mapping macros are updated to support OA50748. The following fix category keyword identifies this APAR as pertaining to KDFAES password encryption: RACFPWENCR/K The following RACF publications have changes to support this apar. z/OS Security Server RACF Callable Services (SA22769100 SA23229300) z/OS Security Server RACF Data Areas (GA22768000 GA32088500) z/OS Security Server RACF Security Administrator's Guide (SA22768300 SA23228900) --------------------------------------------------------------- z/OS Security Server RACF Callable Services: For the R_Password callable service (IRRSPW00), there is an update to the description of the Function_parmlist parameter for function code X'0001': Verify a user's current password or phrase. A new option flag is defined in the XPW_VFY_OPTIONS field: x'40000000': If there is no ACEE cache entry that can be used to validate the password, then fail immediately with return code 8/8/8. The password may or may not be valid. Usage note 1 is replaced with the following: The password evaluation service checks to see if the specified password or phrase matches the one stored in the RACF database for the specified user. It also optionally provides password expiration and user revocation checking. When the caller requests the extra checking (and the x'40000000' bit is not set on in XPW_VFY_OPTIONS), and the request fails, or caching does not find a match, a RACROUTE REQUEST=VERIFY is issued. When the extra checking is not requested, no RACROUTE is issued. --------------------------------------------------------------- z/OS Security Server RACF Data Areas A new one-byte field named RCVTFLG4 is added at decimal offset 640 (X'280). Bit 0 of this field is named RCVTRPFF and, when on, indicates that the R_Password fast-fail option is available. --------------------------------------------------------------- z/OS Security Server RACF Security Administrator's Guide In the "Protecting general resources" chapter, in the section "Using the secured signon function", the heading titled "How RACF processes the password or PassTicket" has the following note added to step 1: Note: When RACF finds an ACEE in the VLF cache, PassTicket evaluation is performed first, and the value in the password field is only evaluated as a password if PassTicket evaluation is unsuccessful.
Temporary fix
Comments
APAR Information
APAR number
OA50749
Reported component name
SYS SECRTY SPT
Reported component ID
5752SC1BN
Reported release
780
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / Pervasive / Xsystem
Submitted date
2016-06-17
Closed date
2017-01-10
Last modified date
2017-02-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UA83755 UA83756
Modules/Macros
ICHPRCVT IRRPCOMP
SA22769100 | SA23229300 | GA22768000 | GA32088500 | SA22768300 |
SA23228900 |
Fix information
Fixed component name
SYS SECRTY SPT
Fixed component ID
5752SC1BN
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"780","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":null,"label":null},"Product":{"code":"SG19O","label":"APARs - MVS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"780","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
01 February 2017