IBM Support

PI48112: ICON SUPPORT FOR RACF SPECIAL CHARACTERS.

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as new function.

Error description

  • RACF now supports an extended set of special characters which
    IMS/ICON does not currently support.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All IMS V14 IMS Connect users that have                      *
    * RACF security enabled to authenticate                        *
    * TCP/IP connections.                                          *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * IMS Connect does not allow the new                           *
    * special password characters supported                        *
    * by RACF.                                                     *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * INSTALL CORRECTIVE SERVICE FOR APAR/PTF                      *
    ****************************************************************
    RACF has introduced 14 special characters that can be used
    in RACF passwords. IMS Connect currently treats those
    special characters as invalid for RACF passwords.
    Below are the new special characters supported by RACF.
    The symbols shown are for EBCDIC code page 1047 or 037.
    IMS Connect uses EBCDIC code page 037 when validating the
    password characters.
    Special Characters (EBCDIC):
    4B 4C 4E 4F 50 5A 5C 60 6C 6D 6E 6F 7A 7E  <-- Hex value
     .  <  +  |  &  !  *  -  %  _  >  ?  :  =  <-- Symbol
    The special characters are in addition to the existing
    national characters:
    5B 7B 7C
     $  #  @
    

Problem conclusion

  • Via this APAR, IMS Connect Version 14 and later will allow
    passwords, sent by TCP/IP clients, that contain the new
    special characters supported by RACF. Please take a look at
    the documentation changes for more information about the new
    special characters.
    
    This APAR adds support for the special characters to IMS
    Connect only. APAR PI48111 adds support for the special
    characters to IMS 14. Additional service for IMS Connect
    clients might be required to enable the client support for the
    special characters. APAR PI30848 adds the support to the
    IMS Universal Drivers and APAR PI52846 adds the support to
    IMS Enterprise Suite Connect API for Java.
    The following IBM provided IMS Connect TCP/IP clients do not
    need additional service:
    - IMS Enterprise Suite SOAP Gateway
    - IMS Transaction Manager (TM) Resource Adapter
    
    Clients must pass the special characters to
    IMS Connect by using the appropriate hexadecimal values. Before
    enabling special character support in RACF, you should make
    sure all your IMS Connect systems have this APAR applied and
    that all your IMS Connect TCP/IP clients support sending
    password with special characters.
    
    Please note that support for LOCAL port is not enhanced. Thus,
    IMS Transaction Message Resource Adapter using the LOCAL port
    is not supported.
    
    Also note that you should expect unpredictable results if you
    have enabled special character support in RACF and you have
    systems running mixed versions of IMS Connect and/or
    IMS Connect systems without this APAR. The support
    provided via this APAR is only available for IMS Connect
    Version 14 and later.
    
    The following IMS Connect parts have been enhanced to allow the
    use of the new special characters when validating a RACF
    password provided by a TCP/IP client:
    
    HWSMDRCV: Allow special characters for DRDA clients
    HWSPWCH0: Allow special characters for password change requests
    HWSSDRCV: Allow special characters for TCP/IP clients
    
    
    Below are the three HOLD CARDs needed for this APAR
    
    >>HOLD CARD data for New Function:
    ***************************************************************
    PI48112
    ***************************************************************
    ADDs IMS Connect support for special characters in RACF
         passwords for TCP/IP clients.
    Function name: Special characters in RACF passwords.
    -
    This new function allows IMS Connect to accept passwords, sent
    by TCP/IP clients, that contain the new special characters
    supported by RACF. Before using this new feature make sure your
    IMS Connect TCP/IP clients have support for special characters.
    
    See APAR closing text or PTF cover letter for
    complete details.
    ***************************************************************
    
    
    
    >>HOLD CARD data for User Message Exit impact:
    ***************************************************************
    PI48112
    ***************************************************************
    - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    -- This service contains an IMS supplied USER EXIT.  --
    --                                                   --
    --       Special handling may be required.           --
    -------------------------------------------------------
    Depending on how your zones are configured, SMP/E
    APPLY of this service may re-link this USER EXIT
    into your existing SDFSRESL.
             -        -
    Please consider the following:
      This service updates or changes an IMS USER EXIT.
      To install the latest version of this exit into
      IMS.SDFSRESL, it may require you to re-assemble (with
      these changes) and re-link into SDFSRESL your own
      customized version of this USER EXIT.
             -        -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - -
       MODULE(S) AFFECTED:
    HWSDPWR1, HWSJAVA0, HWSSMPL0, and HWSSMPL1
    If your installation is currently using the HWSDPWR1,
    HWSJAVA0, HWSSMPL0, or HWSSMPL1 user message exits,
    or you have written your own user message exits that
    function in a manner similar to the HWSDPWR1, HWSJAVA0,
    HWSSMPL0, or HWSSMPL1 user message exits, this APAR
    impacts you.
    ** You MUST read this entire document and take
    action as necessary for your installation. **
    The client password change exit routine HWSPWCH0 has been
    modified to support special characters in RACF passwords.
    You may need to bind this new copy to your existing user
    message exit(s).
    
    
    
    >>HOLD CARD data for document changes:
    DOCUMENTATION CHANGE FOR APAR PI48112
    THIS MAINTENANCE IS BEING HELD SO YOU WILL BE
    AWARE OF DOCUMENTATION CHANGE TO MANUAL(S):
    SC19421300
    GC19422400
    -
    THE FOLLOWING TEXT DESCRIBES THE DOC CHANGE:
    -
                     --------------------------
                      DOCUMENT CHANGES FOLLOW:
                     --------------------------
    SRLs
    SC19421300
    GC19422400
    
    -------------------
    SC19-4213-00
    SC19421300
    
    In: IMS V14 Communications and Connections
    Under: "Format of user portion of IRM for HWSSMPL0, HWSSMPL1,
    and user-written message exit routines"
    
    Please add to the table "User portion of IRM for HWSSMPL0,
    HWSSMPL1, and user-written user message exits"
    the information below into the "Meaning" column for the row
    with field "IRM_RACF_PW"
    
    The password may contain any of the special characters shown
    below. IMS Connect uses EBCDIC code page 037 to perform
    password character validation. The symbols shown apply to
    EBCDIC code page 1047 and 037.
    
    Special Characters (EBCDIC):
    4B 4C 4E 4F 50 5A 5C 60 6C 6D 6E 6F 7A 7E  <-- Hex value
     .  <  +  |  &  !  *  -  %  _  >  ?  :  =  <-- Symbol
    The special characters are in addition to the existing
    national characters:
    5B 7B 7C
     $  #  @
    -------------------
    
    
    -------------------
    GC19-4224-00
    GC19422400
    
    Under IMS V14:
    Release Planning
      IMS Version 14 enhancements
       IMS system enhancements
    
    Add a new section:
    "IMS Connect Support of RACF Special Characters"
    
    With summary:
    IMS Connect has been enhanced via APAR PI48112 to allow the
    use of the new special characters that can be part of
    RACF passwords.
    
    Body of new section should contain this text:
    RACF has introduced a set of special characters that can
    be used in RACF passwords. IMS Connect currently treats
    those special characters as invalid for RACF passwords.
    With APAR PI48112, IMS Connect will support the new
    special characters for RACF passwords.
    
    Below are the new special characters supported by RACF.
    The symbols shown are for EBCDIC code page 1047 or 037.
    IMS Connect uses EBCDIC code page 037 when validating the
    password characters.
    Special Characters (EBCDIC):
    4B 4C 4E 4F 50 5A 5C 60 6C 6D 6E 6F 7A 7E  <-- Hex value
     .  <  +  |  &  !  *  -  %  _  >  ?  :  =  <-- Symbol
    The special characters are in addition to the existing
    national characters:
    5B 7B 7C
     $  #  @
    -------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI48112

  • Reported component name

    IMS V14

  • Reported component ID

    5635A0500

  • Reported release

    400

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    YesSpecatt / New Function / Xsystem

  • Submitted date

    2015-09-03

  • Closed date

    2015-12-07

  • Last modified date

    2016-01-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UI33600 PI54038

Modules/Macros

  • HWSSDRCV HWSPWCH0 HWSMDRCV
    

Publications Referenced
SC19421300GC19422400   

Fix information

  • Fixed component name

    IMS V14

  • Fixed component ID

    5635A0500

Applicable component levels

  • R400 PSY UI33600

       UP15/12/09 P F512  

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSEPH2","label":"IMS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"14.1","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Document Information

Modified date:
01 December 2023