A fix is available
APAR status
Closed as program error.
Error description
When customer runs with CICS TS 5.2 during the logon process, if the password is invalid , the info is collected by SMF 80. But the Terminal netname doesn't appear in the SMF 80 record as it used to appear when they run with CICS 4.2. Messages issued are : DFHSN1102 22/07/2015 12:05:28 ABCCICS Signon at netname nnnnnn user uuuuu has failed. Password not recognized. . DFHXS1201 22/07/2015 12:06:22 ABCCICS The password supplied in the verification request for userid uuuuuu was invalid. This occurred in transaction CESN when userid uuuu was signed on at netname nnnnnn. . These messages are the same but after APARs: PI21866 "This change supports the Enhanced Password Algorithm implemented in the RACF APAR OA43999 which applies to z/OS 1.12, 1.13 and 2.1. If these APARs are installed CICS will call a new callable service IRRSPW00 to for password authentication. This service will be used for basic authentication requests, VERIFY PASSWORD, VERIFY PHRASE and SIGNON requests. " ...the terminal netname no longer is passed by CICS to RACF for inclusion in SMF80.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All CICS Users with PI21866 applied. * **************************************************************** * PROBLEM DESCRIPTION: RACF SMF 80 record no longer contains * * the terminal netname. * **************************************************************** * RECOMMENDATION: * **************************************************************** Following CICS APAR PI21866 when a signon fails message DFHSN1102 is issued which indicates that the signon failed at netname for that userid. The problem is that when RACF is called doing a RACROUTE VERIFYX to verify the password, only the userid and password are included. Other information, such as netname, is not sent and so the RACF SMF 80 record which is recording that invalid password attempt, does not include the netname. This is the port of entry and is required for auditing reasons.
Problem conclusion
UI22616 UI24127 UI25262 UI30325 UI22618 UI24130 UI25263 UI30326 CICS modules DFHUSAD, DFHXSPW and DFHXSSB have been changed to ensure that a port of entry is included on the RACROUTE VERIFYX call, so that the CICS netname can be included in the SMF 80 record for a password failure.
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PI46508
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
900
Status
CLOSED PER
PE
YesPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-08-07
Closed date
2015-12-09
Last modified date
2016-05-13
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
PI52900 010PC2 010PC2 010PC2 010PC2 010PC2 UI33709 010PC2
UI33710 010PC2 UI33707 UI33708 010PC2 012AC3 PI62428
Modules/Macros
DFHESN DFHISXS DFHPITC DFHSOSE DFHSZREQ DFHUSAD DFHWBSR DFHWBXN DFHXSAD DFHXSDM DFHXSFL DFHXSIS DFHXSLU DFHXSPW DFHXSPWT DFHXSRC DFHXSSA DFHXSSB DFHXSSBT DFHXSTRI EYU0VBPC
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
R80M PSY UI33708
UP15/12/18 P F512 {
R800 PSY UI33707
UP15/12/18 P F512 {
R90M PSY UI33710
UP15/12/18 P F512 {
R900 PSY UI33709
UP15/12/18 P F512 {
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.2","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.2","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
13 May 2016