IBM Support

VM65719: RACF/VM PASSWORD AND SECURITY POLICY ENHANCEMENTS

A fix is available

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as new function.

Error description

  • New function - Password and Security Policy Enhancements
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All users of RACF/VM.                        *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    ****************************************************************
    * RECOMMENDATION: APPLY PTF                                    *
    ****************************************************************
    This APAR implements support in RACF/VM to:
    - accept additional special characters within passwords
    - allow stronger encryption of passwords
    - expire a password without changing it
    - clean up password history
    and also to provide
    - Helpdesk support
    - Minimum password change interval support
    - ALTUSER Revoke/Resume date management
    - RACUT200 database reserve/release support
    

Problem conclusion

Temporary fix

Comments

  • This APAR implements support in RACF/VM to:
    - accept additional special characters within passwords
    - allow stronger encryption of passwords
    - expire a password without changing it
    - clean up password history
    
    It also provides:
    - Helpdesk support which allows delegation of authority to
      non-security administrator users, such as help desk
      personnel, to reset passwords and password phrases and list
      user information.
    - Minimum password change interval support to allow the
      setting of a minimum password and password phrase change
      interval, which is the minimum number of days that must pass
      between a user's password or password phrase changes.
    - Revoke/Resume date management which adds the NOREVOKE and
      NORESUME keywords to the ALTUSER and CONNECT commands.
    - RACUT200 database reserve/release support which modifies the
      RACUT200 utility to place a reserve on the RACF database
      minidisk during the execution of any of its functions.
    
    See the z/VM RACF books (dated September 2015) for information
    on using these enhancements:
    http://www.vm.ibm.com/library/zvmpdf.html#zvmracf
    
    NOTE:  PREREQ PTF UV61261 for APAR VM65688 is required.
           (This is needed for special character support).
    
    The RACF database templates have been updated as part of this
    APAR.  Use the RACFCONV utility on the RACMAINT userid to
    update the templates for both the primary and the backup RACF
    database.  If you running a 1-4 member SSI system, follow these
    instructions:
    1. For 1-4 member SSI, verify the CP directory entry for the
       RACMAINT userid has:
       LINK RACFVM 200 200 MW
       LINK RACFVM 300 300 MW
    2. SERVICE RACF from MAINT630 on only one SSI member.
    3. FORCE RACFVM from Operator from each SSI member.
    4. LOGON RACMAINT on one SSI member and run the RACFCONV
       utility as follows:
       IPL 190
       RACFCONV
       enter
       200
       yes
    
       RACFCONV
       enter
       300
       yes
    
       IPL 490
       RACSTART
       #cp disc
    
    5. XAUTOLOG RACMAINT for the rest of the SSI members.
    6. PUT2PROD RACF from MAINT630 on each SSI member.
       Note: If PUT2PROD messages say to 'Recycle the appropriate
       servers' for both CP and RACF, then the recycle of z/VM is
       necessary for each SSI member.  Otherwise only RACF needs to
       be recycled on each SSI member.
    7. FORCE RACMAINT from Operator on each SSI member.
    8. XAUTOLOG RACFVM from Operator on each SSI member.
    Now RACF has been updated with the service and recycled for each
    SSI member.
    
         Application of this APAR causes VMSES/E's VMFAPPLY
    processing to incorrectly create an AUX file for part ICHPWX11
    ASSEMBLE and to update the RACF VVT file, 6VMRAC30 VVTRPI, with
    incorrect entries for ICHPWX11 ASSEMBLE and TEXT.  The
    following must be done to remove the incorrect AUX file and
    correct the VVT file entries:
    1.  Logon to the MAINT630 userid.
    2.  Access the RACF service disks:
        VMFSETUP SERVP2P RACF
    3.  Erase the file ICHPWX11 AUXRPI from the RACF Apply disk
        (either the 6VMRAC30 2A6 disk or the 6VMRAC30 2A2 disk):
        ERASE ICHPWX11 AUXRPI fm_2A6 | fm_2A2
    4.  Invoke the following two VMFSIM MODIFY commands:
        VMFSIM MODIFY 6VMRAC30 VVTRPI * TDATA :PART ICHPWX11 TXT
             :PTF UV61271.VM65719 (REPLACE
        VMFSIM MODIFY 6VMRAC30 VVTRPI * TDATA :PART ICHPWX11 ASM
             :PTF UV61271.VM65719 (REPLACE
    5.  Logoff the MAINT630 userid.
    
    This APAR provides equivalent support to APAR OA43999 for z/OS
    RACF.
    ×**** PE15/11/02 FIX IN ERROR. SEE APAR VM65767  FOR DESCRIPTION
    ×**** PE16/05/26 FIX IN ERROR. SEE APAR VM65840  FOR DESCRIPTION
    

APAR Information

  • APAR number

    VM65719

  • Reported component name

    RACF/VM SUPPORT

  • Reported component ID

    576700201

  • Reported release

    630

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-05-08

  • Closed date

    2015-09-03

  • Last modified date

    2016-06-16

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UV61271

Modules/Macros

  • ICHCAD00 ICHCAU00 ICHCCD00 ICHCCN00 ICHCCU00
    ICHCCU01 ICHCLG00 ICHCLU00 ICHCOP00 ICHCOP01 ICHCOP02 ICHCOP05
    ICHCOP06 ICHCOP07 ICHCOP08 ICHCPA00 ICHCPE00 ICHC54   ICHDEX01
    ICHGLS00 ICHHE02  ICHHP08  ICHH44A  ICHH54   ICHH54G  ICHM42
    ICHM54   ICHPRCVT ICHPTX00 ICHPWX11 ICHP42A2 ICHP54A  ICHRIN00
    ICHRSMF6 ICHSEC00 ICHSEC01 ICHSEC07 ICHS54   IFASMFR9 IRRADULD
    IRRADUTB IRRADUX1 IRRADU00 IRRADU01 IRRADU10 IRRADU20 IRRADU30
    IRRAES00 IRRBOG00 IRRCAU0P IRRCCU0P IRRCOP26 IRRCOP28 IRRCPA0P
    IRRDBU03 IRRENV11 IRRHIST0 IRRMCN00 IRRMDR00 IRRMER00 IRRMES00
    IRRMES01 IRRMGR00 IRRMGR03 IRRMIP00 IRRMPP00 IRRMRT00 IRRMRW00
    IRRMSP00 IRRMXPW0 IRRPAR50 IRRPHREX IRRREQTB IRRREQ02 IRRREQ03
    IRRRIN12 IRRSCHEM IRRSEC13 IRRTEMP2 IRRUT302 IRRUT303 IRRUT401
    IRRVPHRS IRRVPSWD IRRXTR00 IRRXTR01 MSGTABLE OSAMINTF RACDBULD
    RACDBUQR RACDBUTB RACUT200 RPIBLCMD RPIBLLPA RPIBLOBJ RPICLM00
    RPIMERM  RPIMLGN  RPIMSGSC RPISECMP
    

Publications Referenced
SC246142XX SC246144XX GC246145XX SC246146XX SC246147XX
GC246148XX SC246149XX SC246150XX GC246201XX  

Fix information

  • Fixed component name

    RACF/VM SUPPORT

  • Fixed component ID

    576700201

Applicable component levels

  • R630 PSY UV61271

       UP15/09/10 P 1601

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.



Document information

More support for: z/VM family

Software version: 630

Operating system(s): VM/ESA, z/VM

Reference #: VM65719

Modified date: 16 June 2016


Translate this page: