IBM Support

OA50098: USE OF ALTUSER EXPIRED KEYWORD WITHOUT SETTING A PASSWORD OR PHRASE IS NOT CONTROLLED THROUGH EXISTING PWEXP POLICY

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Use of ALTUSER EXPIRED keyword without setting a PASSWORD or
    PHRASE is not controlled through existing PWEXP policy
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Command Verifier exploiting *
    *                 policy profiles that control usage of the    *
    *                 no-expired option                            *
    *                 (C4R.USER.PWEXP.<owner>.<userid>).           *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure command verified might not      *
    *                      honor policy profiles controlling usage *
    *                      of the no-expired option                *
    *                      (C4R.USER.PWEXP.<owner>.<userid>).      *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    When zSecure Command Verified policy profiles controlling usage
    of the no-expired option (C4R.USER.PWEXP.<owner>.<userid>) are
    in effect and the ALTUSER command specifies the expiration
    option (NOEXPIRED/EXPIRED) without password specification, the
    aforementioned profiles are ignored so that the ALTUSER command
    is not controlled.
    

Problem conclusion

  • zSecure Command Verified has been modified so that the policy
    profiles that control usage of the no-expired option are handled
    in accordance to the documentation.
    211Y
    220Y
    C4RUPASS
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA50098

  • Reported component name

    COMMAND VERIFIE

  • Reported component ID

    5655T07CV

  • Reported release

    211

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-03-09

  • Closed date

    2016-03-30

  • Last modified date

    2016-04-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA81177 UA81178

Modules/Macros

  •    C4RUPASS
    

Fix information

  • Fixed component name

    COMMAND VERIFIE

  • Fixed component ID

    5655T07CV

Applicable component levels

  • R211 PSY UA81177

       UP16/03/31 P F603

  • R220 PSY UA81178

       UP16/03/31 P F603

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRM9V","label":"IBM Security zSecure Command Verifier"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"211","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
28 June 2022