A fix is available
APAR status
Closed as program error.
Error description
A userid is defined with a KERBNAME greater than 8 characters. otelnetd is configured with the -a user option. otelnetd saves the first 8 characters of the realm provided by the user. When the user is authenticated with Kerberos, otelnetd compares the realm returned with the 8-character saved name. These names don't match, so otelnetd fails the login with a "No authentication provided" message. otelnetd should be using the entire realm name provided by the user.

VERIFICATION STEPS:
1) KERBNAME defined with more than 8 characters
2) otelnetd trace will show message:
   telnetd: authteln client name: UsernameLong auth name: Username
Local fix
Define names of 8 characters or less.
Problem summary
USERS AFFECTED: All users of the IBM Communications Server for z/OS Version 1 Release(s) 10, 11, and 12 IP: otelnetd server

PROBLEM DESCRIPTION: Client login fails when otelnet is configured with the -a user option and KERBNAME is greater than 8 characters

RECOMMENDATION:

The problem may be summarized as follows:
1. Otelnet is configured with the -a user option.
2. The Kerberos server and a Kerberos telnet client are configured with a KERBNAME greater than 8 characters: test_longuser
3. During the client connection process, the otelnet server truncates the client provided realm name to 8 characters: test_lon

The connection attempt by the telnet client is subsequently rejected with a "no authentication provided" message. The failure occurred because only the first 8 characters of the client provided realm name are used for the authentication.

Please check our Communications Server for OS/390 homepages for common networking tips and fixes. The URL for these homepages can be found in Informational APAR II11334.
Problem conclusion
Module EZATNATT has been amended to permit a user provided realm name with a length greater than 8 characters.

Cross Reference between External and Internal Names
EZATNATT (AUTHTELN)
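
The failure mode described above, as an added C illustration that is not IBM's EZATNATT code: the function names, the 8-byte field and the 256-byte bound are assumptions made for the example. It shows the truncating comparison, why comparing only the first 8 characters would be an unsafe repair, and a full-length comparison that rejects over-long names instead of cutting them.

```c
#include <stdio.h>
#include <string.h>

#define SAVED_LEN 8     /* assumption: 8-character saved field, per the APAR text */
#define FULL_MAX  256   /* assumption: illustrative bound for the full name */

/* "Before" (hypothetical): save only the first 8 characters of the
 * client-provided name, then compare with the authenticated name. */
static int match_truncated(const char *provided, const char *authenticated)
{
    char saved[SAVED_LEN + 1];
    size_t n = strlen(provided);
    if (n > SAVED_LEN) n = SAVED_LEN;          /* silent truncation */
    memcpy(saved, provided, n);
    saved[n] = '\0';
    return strcmp(saved, authenticated) == 0;
}

/* Unsafe repair: comparing only the first 8 characters makes the login
 * work again, but treats distinct names with a shared prefix as equal. */
static int match_prefix(const char *provided, const char *authenticated)
{
    return strncmp(provided, authenticated, SAVED_LEN) == 0;
}

/* "After" (hypothetical): keep the whole name; reject rather than truncate.
 * Returns 1 on match, 0 on mismatch, -1 if the name exceeds the bound. */
static int match_full(const char *provided, const char *authenticated)
{
    char saved[FULL_MAX + 1];
    size_t n = strlen(provided);
    if (n > FULL_MAX) return -1;
    memcpy(saved, provided, n + 1);
    return strcmp(saved, authenticated) == 0;
}

int main(void)
{
    /* Constructed names; test_longuser is the example used on this page. */
    const char *user = "test_longuser", *other = "test_longadmin";
    printf("truncated, same user : %d\n", match_truncated(user, user));
    printf("prefix, other user   : %d\n", match_prefix(user, other));
    printf("full, same user      : %d\n", match_full(user, user));
    printf("full, other user     : %d\n", match_full(user, other));
    return 0;
}
```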
Temporary fix
Comments
APAR Information
APAR number
PM28877
Reported component name
TCP/IP V3 MVS
Reported component ID
5655HAL00
Reported release
1B0
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2010-12-14
Closed date
2011-01-11
Last modified date
2011-03-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK63829 UK63830 UK63831
Modules/Macros
EZATNATT
Fix information
Fixed component name
TCP/IP V3 MVS
Fixed component ID
5655HAL00
Applicable component levels
R1A0 PSY UK63829
UP11/02/25 P F102
R1B0 PSY UK63830
UP11/02/25 P F102
R1C0 PSY UK63831
UP11/02/25 P F102
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
02 March 2011