A fix is available
APAR status
Closed as program error.
Error description
Before V1R13, all password entries were truncated to 8 characters. Therefore, customers could essentially utilize passwords greater than 8 characters and depend on FTP to truncate it to 8 characters. When support for password phrases was introduced in V1R13, the password entry a user entered was submitted unaltered. Therefore, customers who had passwords longer than 8 characters were failing to login because their original password had been truncated to 8 characters. Additional Symptom(s) Search Keyword(s): PASSWORDPHRASE NOPASSWORDPHRASE
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of the IBM Communications Server * * for z/OS Version 1 Release(s) 13 * * IP: FTP * **************************************************************** * PROBLEM DESCRIPTION: The FTP user can specify passwords * * greater than 8 characters. Before * * V1R13, the FTP user depended on FTP to * * truncate a password to 8 characters in * * order to issue a valid SAF call. V1R13 * * support of password phrases removed * * this truncation and now passes the * * entire user's entry for their password * * on the SAF call. This is causing the * * SAF call to fail. The FTP user needs * * a way to disable password phrases to * * allow FTP to truncate passwords to 8 * * characters. * **************************************************************** * RECOMMENDATION: * **************************************************************** Prior to z/OS V1R13 an FTP password greater than 8 characters was truncated to 8 characters. Starting with V1R13 the z/OS FTP server supports password phrases. This support passes the provided password to the installation's security product without any truncation. The lack of the truncation can cause the FTP server's SAF call to fail. Installations need the ability to bypass password phrase support. +-------------------------------------------------------------+ + Please check our Communications Server for OS/390 homepages + + for common networking tips and fixes. The URL for these + + homepages can be found in Informational APAR II11334. + +-------------------------------------------------------------+
Problem conclusion
FTP has been modified to support a new server FTP.DATA statement called PASSPHRASE. It indicates whether the FTP server supports logging into FTP with password phrases. The following documentation updates will be made. IBM Communications Server: IP Configuration Reference SC318776 1. Add the following FTP.DATA data set statement PASSPHRASE (FTP server) statement Use the PASSPHRASE statement to indicate whether the FTP server allows an FTP client to log into FTP with a password phrase. Syntax |-- PASSPHRASE TRUE --| ----|------------------------|--- |-- PASSPHRASE |- FALSE -| |- TRUE -| Parameters TRUE The FTP server allows an FTP client to log into FTP with a password phrase. This is the default. FALSE The FTP server does not allow an FTP client to log into FTP with a password phrase. Usage notes: When PASSPHRASE FALSE is configured in the server's FTP.DATA: - If an FTP client logs into FTP with a password greater than 8 characters, the password will be truncated to 8 characters. - The FTCHKPWD exit parameter at offset +36 points to a buffer consisting of a 2-byte field that contains zeros, followed by 100 blanks. Examples To allow an FTP client to log in FTP with a password phrase: PASSPHRASE TRUE 2. Add the note section below: FTP server user exits The FTCHKPWD user exit +36 Pointer to a buffer containing a field that is 2 bytes in length followed by the password or password phrase the user entered to log in to the FTP server. Notes: - When PASSPHRASE FALSE is configured in the server's FTP.DATA, this field points to a buffer consisting of a 2-byte field that contains zeros, followed by 100 blanks. - When PASSPHRASE TRUE is configured in the server's FTP.DATA, this field points to a buffer consisting of a 2-byte field that contains the length of the password or password phrase followed by a 100-byte field. This field contains the password or password phrase that was used to log in to FTP, right-padded with blanks up to 100 characters in length. * Cross Reference between External and Internal Names EZAFTPSM (FTPDMSG )
Temporary fix
Comments
APAR Information
APAR number
PM62213
Reported component name
TCP/IP V3 MVS
Reported component ID
5655HAL00
Reported release
1D0
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-04-10
Closed date
2012-05-18
Last modified date
2012-08-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK79104
Modules/Macros
EZAFTPAS EZAFTPCY EZAFTPDM EZAFTPEP EZAFTPGM EZAFTPPR EZAFTPRA EZAFTPRM EZAFTPRX EZAFTPSD EZAFTPSM EZAFTPSR
| SC31877619 | SC31878010 | SX75012411 |
Fix information
Fixed component name
TCP/IP V3 MVS
Fixed component ID
5655HAL00
Applicable component levels
R1D0 PSY UK79104
UP12/07/21 P F207
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1D0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1D0","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
09 August 2012