A fix is available
APAR status
Closed as new function.
Error description
RACF now supports an extended set of special characters which IMS/ICON does not currently support.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * All IMS V14 IMS Connect users that have * * RACF security enabled to authenticate * * TCP/IP connections. * **************************************************************** * PROBLEM DESCRIPTION: * * IMS Connect does not allow the new * * special password characters supported * * by RACF. * **************************************************************** * RECOMMENDATION: * * INSTALL CORRECTIVE SERVICE FOR APAR/PTF * **************************************************************** RACF has introduced 14 special characters that can be used in RACF passwords. IMS Connect currently treats those special characters as invalid for RACF passwords. Below are the new special characters supported by RACF. The symbols shown are for EBCDIC code page 1047 or 037. IMS Connect uses EBCDIC code page 037 when validating the password characters. Special Characters (EBCDIC): 4B 4C 4E 4F 50 5A 5C 60 6C 6D 6E 6F 7A 7E <-- Hex value . < + | & ! * - % _ > ? : = <-- Symbol The special characters are in addition to the existing national characters: 5B 7B 7C $ # @
Problem conclusion
Via this APAR, IMS Connect Version 14 and later will allow passwords, sent by TCP/IP clients, that contain the new special characters supported by RACF. Please take a look at the documentation changes for more information about the new special characters. This APAR adds support for the special characters to IMS Connect only. APAR PI48111 adds support for the special characters to IMS 14. Additional service for IMS Connect clients might be required to enable the client support for the special characters. APAR PI30848 adds the support to the IMS Universal Drivers and APAR PI52846 adds the support to IMS Enterprise Suite Connect API for Java. The following IBM provided IMS Connect TCP/IP clients do not need additional service: - IMS Enterprise Suite SOAP Gateway - IMS Transaction Manager (TM) Resource Adapter Clients must pass the special characters to IMS Connect by using the appropriate hexadecimal values. Before enabling special character support in RACF, you should make sure all your IMS Connect systems have this APAR applied and that all your IMS Connect TCP/IP clients support sending password with special characters. Please note that support for LOCAL port is not enhanced. Thus, IMS Transaction Message Resource Adapter using the LOCAL port is not supported. Also note that you should expect unpredictable results if you have enabled special character support in RACF and you have systems running mixed versions of IMS Connect and/or IMS Connect systems without this APAR. The support provided via this APAR is only available for IMS Connect Version 14 and later. The following IMS Connect parts have been enhanced to allow the use of the new special characters when validating a RACF password provided by a TCP/IP client: HWSMDRCV: Allow special characters for DRDA clients HWSPWCH0: Allow special characters for password change requests HWSSDRCV: Allow special characters for TCP/IP clients Below are the three HOLD CARDs needed for this APAR >>HOLD CARD data for New Function: *************************************************************** PI48112 *************************************************************** ADDs IMS Connect support for special characters in RACF passwords for TCP/IP clients. Function name: Special characters in RACF passwords. - This new function allows IMS Connect to accept passwords, sent by TCP/IP clients, that contain the new special characters supported by RACF. Before using this new feature make sure your IMS Connect TCP/IP clients have support for special characters. See APAR closing text or PTF cover letter for complete details. *************************************************************** >>HOLD CARD data for User Message Exit impact: *************************************************************** PI48112 *************************************************************** - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- This service contains an IMS supplied USER EXIT. -- -- -- -- Special handling may be required. -- ------------------------------------------------------- Depending on how your zones are configured, SMP/E APPLY of this service may re-link this USER EXIT into your existing SDFSRESL. - - Please consider the following: This service updates or changes an IMS USER EXIT. To install the latest version of this exit into IMS.SDFSRESL, it may require you to re-assemble (with these changes) and re-link into SDFSRESL your own customized version of this USER EXIT. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - MODULE(S) AFFECTED: HWSDPWR1, HWSJAVA0, HWSSMPL0, and HWSSMPL1 If your installation is currently using the HWSDPWR1, HWSJAVA0, HWSSMPL0, or HWSSMPL1 user message exits, or you have written your own user message exits that function in a manner similar to the HWSDPWR1, HWSJAVA0, HWSSMPL0, or HWSSMPL1 user message exits, this APAR impacts you. ** You MUST read this entire document and take action as necessary for your installation. ** The client password change exit routine HWSPWCH0 has been modified to support special characters in RACF passwords. You may need to bind this new copy to your existing user message exit(s). >>HOLD CARD data for document changes: DOCUMENTATION CHANGE FOR APAR PI48112 THIS MAINTENANCE IS BEING HELD SO YOU WILL BE AWARE OF DOCUMENTATION CHANGE TO MANUAL(S): SC19421300 GC19422400 - THE FOLLOWING TEXT DESCRIBES THE DOC CHANGE: - -------------------------- DOCUMENT CHANGES FOLLOW: -------------------------- SRLs SC19421300 GC19422400 ------------------- SC19-4213-00 SC19421300 In: IMS V14 Communications and Connections Under: "Format of user portion of IRM for HWSSMPL0, HWSSMPL1, and user-written message exit routines" Please add to the table "User portion of IRM for HWSSMPL0, HWSSMPL1, and user-written user message exits" the information below into the "Meaning" column for the row with field "IRM_RACF_PW" The password may contain any of the special characters shown below. IMS Connect uses EBCDIC code page 037 to perform password character validation. The symbols shown apply to EBCDIC code page 1047 and 037. Special Characters (EBCDIC): 4B 4C 4E 4F 50 5A 5C 60 6C 6D 6E 6F 7A 7E <-- Hex value . < + | & ! * - % _ > ? : = <-- Symbol The special characters are in addition to the existing national characters: 5B 7B 7C $ # @ ------------------- ------------------- GC19-4224-00 GC19422400 Under IMS V14: Release Planning IMS Version 14 enhancements IMS system enhancements Add a new section: "IMS Connect Support of RACF Special Characters" With summary: IMS Connect has been enhanced via APAR PI48112 to allow the use of the new special characters that can be part of RACF passwords. Body of new section should contain this text: RACF has introduced a set of special characters that can be used in RACF passwords. IMS Connect currently treats those special characters as invalid for RACF passwords. With APAR PI48112, IMS Connect will support the new special characters for RACF passwords. Below are the new special characters supported by RACF. The symbols shown are for EBCDIC code page 1047 or 037. IMS Connect uses EBCDIC code page 037 when validating the password characters. Special Characters (EBCDIC): 4B 4C 4E 4F 50 5A 5C 60 6C 6D 6E 6F 7A 7E <-- Hex value . < + | & ! * - % _ > ? : = <-- Symbol The special characters are in addition to the existing national characters: 5B 7B 7C $ # @ -------------------
Temporary fix
Comments
APAR Information
APAR number
PI48112
Reported component name
IMS V14
Reported component ID
5635A0500
Reported release
400
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / New Function / Xsystem
Submitted date
2015-09-03
Closed date
2015-12-07
Last modified date
2016-01-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI33600 PI54038
Modules/Macros
HWSSDRCV HWSPWCH0 HWSMDRCV
SC19421300 | GC19422400 |
Fix information
Fixed component name
IMS V14
Fixed component ID
5635A0500
Applicable component levels
R400 PSY UI33600
UP15/12/09 P F512
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSEPH2","label":"IMS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"14.1","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
01 December 2023