IBM Support

OA62480: MODIFY CKGRACF TO EASE INTERFACING WITH PASSWORD SYNCHRONIZATIONTOOLS

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as new function.

Error description

  • Modify CKGRACF to ease interfacing with password synchronization
tools.

Modify CKGRACF to pass a fake ALU (user) NOEXPIRED command to
RACF password and phrase exits if NONEXPIRED is being requested
to ease interfacing with password synchronization tools.

Local fix

  • N/A

Problem summary

  • ****************************************************************
* USERS AFFECTED: Users of the zSecure CKGRACF component       *
*                 managing user passwords and password         *
*                 phrases.                                     *
****************************************************************
* PROBLEM DESCRIPTION: New function to allow the CKGRACF       *
*                      component of the zSecure Suite to ease  *
*                      interfacing with password               *
*                      synchronization tools.                  *
****************************************************************
* RECOMMENDATION: Apply the PTF provided.                      *
****************************************************************
When the password expiration option (NONEXPIRED) is specified
for the "USER PWSET PASSWORD" or "USER PWSET PHRASE" CKGRACF
command, password synchronization tools may not be aware of
this, so when the passwords are propagated by these tools,
the non-expired  status is not correctly set on the other
systems.

Problem conclusion

  • The CKGRACF component of the zSecure Suite has been modified so
that it passes a fake "ALU (user) NOEXPIRED" command to the RACF
new password and new phrase exits (ICHPWX01 and ICHPWX11) if
NONEXPIRED is requested, to ease interfacing with password
synchronization tools.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    OA62480
    • 

  • Reported component name
    ZSEC BASE,ADMIN
    • 

  • Reported component ID
    5655T0100
    • 

  • Reported release
    240
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2021-11-25
    • 

  • Closed date
    2021-12-01
    • 

  • Last modified date
    2022-01-04
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UJ07185 UJ07186
    

    • 



Modules/Macros


    

  • CKGPWDC

    



Fix information


    

  • Fixed component name
    ZSEC BASE,ADMIN
    • 

  • Fixed component ID
    5655T0100
    • 



Applicable component levels


    

  • R240  PSY  UJ07186
       UP21/12/04  P  F112
    • 

  • R250  PSY  UJ07185
       UP21/12/04  P  F112
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"240"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            05 January 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback