IBM Support

OA50930: NEW FUNCTION - ADDITIONAL MULTI-FACTOR AUTHENTICATION SUPPORT

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as new function.

Error description

  • NEW FUNCTION

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: RACF customers who exploit multi-factor      *
*                 authentication.                              *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Additional Support for multi-factor authentication is being
added to RACF.  This new function supports functional
enhancements in the IBM Multi-Factor Authentication for z/OS
V1.2 product by providing:
 - The ability to define authentication policies in support
   of compound authentication
 - The ability to verify and change an MFA user's RACF
   password or password phrase using RACROUTE REQUEST=VERIFY
   and VERIFYX

In addition, this support fixes a defect whereby IBM MFA is
sometimes called for tag deletion notification even when no
tags exist, resulting in messages ICH21048I (MSGICH21048I) and
ICH21056I (MSGICH21056I).

    



Problem conclusion


    

  • 



Temporary fix


    

  • 



Comments


    

  • The RACF database templates are changed with this APAR. The
updated version string is:

$/VERSION OA50930 00000217.00000042

---------------------------------------------------------------

As part of this enhancement, new keywords are added to the
ALTUSER command.

Note that neither ISPF panel nor TSO HELP support is provided
for the new command keywords.

---------------------------------------------------------------

The following fix category keyword identifies this APAR as
pertaining to multi-factor authentication:

MFA/K

---------------------------------------------------------------

The document created for the initial MFA support delivered
with APAR OA48359 is enhanced to contain additional information
pertaining to OA50930.

This document can be found and downloaded from the following
  location:

ftp://ftp.software.ibm.com/s390/zos/racf/pdf/oa48359.pdf

The following RACF publications have changes to support this
apar.

z/OS Security Server RACF Security Administrator's Guide
 (SA232289xx)

z/OS Security Server RACF Command Language Reference
 (SA232292xx)

z/OS Security Server RACROUTE Macro Reference
 (SA232294xx)

z/OS Security Server RACF Callable Services
 (SA232293xx)

z/OS Security Server RACF Macros and Interfaces
 (SA232288xx)

z/OS Security Server RACF Data Areas
 (GA320885xx)

z/OS Security Server RACF Messages and Codes
 (SA232291xx)

    



APAR Information




    

  • APAR number
    OA50930
    • 

  • Reported component name
    RACF
    • 

  • Reported component ID
    5752XXH00
    • 

  • Reported release
    790
    • 

  • Status
    CLOSED  UR1
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2016-07-21
    • 

  • Closed date
    2016-10-28
    • 

  • Last modified date
    2016-12-01
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UA91003 UA91005
    

    • 



Modules/Macros


    

  • HRF77A0J HRF7790J ICHCCU00 ICHCCU01 ICHCDX43 ICHCDX45 ICHCLU00
ICHIRCVT ICHRIN00 ICHRIXP  ICHSEC07 IRRADU10 IRRADU20 IRRCCU0P
IRRDBU03 IRRDPE00 IRRDPE01 IRRDPSDS IRRIRIPL IRRREQTB IRRRFA03
IRRRFA05 IRRRFA64 IRRRIN09 IRRTEMP2 IRRTRC01 IRRVMFA0 IRRXTR01
RACDBULD RACDBUTB

    




Publications Referenced


SA23228900SA23229200SA23229400SA23229300SA23228800


GA32088500SA23229100   





Fix information


    

  • Fixed component name
    RACF
    • 

  • Fixed component ID
    5752XXH00
    • 



Applicable component levels


    

  • R7A0  PSY  UA91005
       UP16/11/16  P  F611
    • 

  • R790  PSY  UA91003
       UP16/11/16  P  F611
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"790","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":null,"label":null},"Product":{"code":"SG19O","label":"APARs - MVS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"790","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            01 December 2016
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback