A fix is available
APAR status
Closed as program error.
Error description
When a system has a GLOBALTCPIPDATA input specified in the Resolver process configuration (the SETUP DD), a copy of the contents is kept to support NMI processing. To ensure that this is always current, each time a new application performs a res_init() call a check is performed to detect when that input has been updated. The problem is that the mechanism to notify the RESOLVER address space of that update is to have the application issue a MODIFY RESOLVER command. But in most instances, the user running that application will not have the authority to issue a MODIFY command, so a security violation results along with the following message: IEE345I MODIFY AUTHORITY INVALID, FAILED BY SECURITY PRODUCT If using RACF for SAF functions, a message similar to the following will accompany the above: ICH408I USER(xxxxxxxx) GROUP(xxxxxxxx) NAME(xxxxx xxxxx) MVS.MODIFY.STC.RESOLVER.RESOLVER CL(OPERCMDS) INSUFFICIENT ACCESS AUTHORITY FROM MVS.MODIFY.** (G) ACCESS INTENT(UPDATE ) ACCESS ALLOWED(NONE ) Note: If a non-default name is being used for the RESOLVER process, that name will appear as the last two qualifiers of the referenced profile name.
Local fix
Issue a MODIFY RESOLVER,REFRESH command from an authorized user to stop the violations. This can also be performed immediately after updating the referenced GLOBALTCPIPDATA input.
Problem summary
**************************************************************** * USERS AFFECTED: All users of the IBM Communications Server * * for z/OS Version 1 Release(s) 13 IP: * * Resolver * **************************************************************** * PROBLEM DESCRIPTION: Message IEE345I is issued from various * * applications that reference the global * * tcpip data after the global tcpip data * * set has been modified. * **************************************************************** * RECOMMENDATION: * **************************************************************** When the global TCPIP data set has been modified a MODIFY command is used to notify the RESOLVER that it has been modified and that it should be reread for any updates. However, installation security products prevent the MODIFY command from being executed since the application has not been given authority to issue a MODIFY RESOLVER command. +-------------------------------------------------------------+ + Please check our Communications Server for OS/390 homepages + + for common networking tips and fixes. The URL for these + + homepages can be found in Informational APAR II11334. + +-------------------------------------------------------------+
Problem conclusion
The resolver is amended to use an cross memory post of a ECB in the resolver address space for notification that the global TCPIP data set has been modified. * Cross Reference between External and Internal Names
Temporary fix
********* * HIPER * *********
Comments
APAR Information
APAR number
PM72945
Reported component name
TCP/IP V3 MVS
Reported component ID
5655HAL00
Reported release
1D0
Status
CLOSED PER
PE
NoPE
HIPER
YesHIPER
Special Attention
NoSpecatt
Submitted date
2012-09-14
Closed date
2012-10-12
Last modified date
2012-12-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK82635
Modules/Macros
EZBRECFG EZBRECVT EZBREINI EZBRERIN EZB2RCVT
Fix information
Fixed component name
TCP/IP V3 MVS
Fixed component ID
5655HAL00
Applicable component levels
R1D0 PSY UK82635
UP12/11/14 P F211
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1D0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1D0","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
04 December 2012