IBM Support

PM70994: SSLFAKEBASICAUTH DEPENDS ON LOADMODULE ORDER

Fixes are available

7.0.0.27: WebSphere Application Server V7.0 Fix Pack 27
8.5.0.2: WebSphere Application Server V8.5 Fix Pack 2
8.0.0.6: WebSphere Application Server V8.0 Fix Pack 6
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
8.0.0.7: WebSphere Application Server V8.0 Fix Pack 7
8.0.0.8: WebSphere Application Server V8.0 Fix Pack 8
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
8.0.0.9: WebSphere Application Server V8.0 Fix Pack 9
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
7.0.0.27: Java SDK 1.6 SR12 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • SSLFakeBasicAuth depends on LoadModule order
    
    Loading the mod_ibm_ssl module at the top of httpd.conf, the
    SSLFakeBasicAuth is enabled. If it is loaded at another place,
    such as the bottom of httpd.conf, it is not enabled.
    
    IBM HTTP Server based on Apache HTTP Server 2.0 and later should
    not need to have any ordering dependency.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  Users of the "SSLFakeBasicAuth" directive   *
    *                  in                                          *
    *                  IBM HTTP Server.                            *
    ****************************************************************
    * PROBLEM DESCRIPTION: SSLFakeBasicAuth seems to do nothing    *
    *                      after configured, but works if you      *
    *                      change the order of "LoadModule"        *
    *                      directives in httpd.conf                *
    ****************************************************************
    * RECOMMENDATION:  Apply this fix if SSLFakeBasicAuth          *
    *                  directive is being used, is not taking      *
    *                  effect and your  certificate-bearing users  *
    *                  are receving 401 prompts.                   *
    ****************************************************************
    SSLFakeBasicAuth is used to tie certificate-based authentication
    into HTTP Basic Authentication configured in Apache, but
    SSLFakeBasicAuth must run before the core of Apache
    authentication to be effective.  The way SSLFakeBasicAuth used
    the Apache API, it was undefined as to which module would run
    first.
    

Problem conclusion

  • The feature was updated to always run before normal HTTP Basic
    Authentication processing.
    
    This fix is targeted for IHS fixpacks:
     - 7.0.0.27
     - 8.0.0.6
     - 8.5.0.2
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM70994

  • Reported component name

    IBM HTTP SERVER

  • Reported component ID

    5724J0801

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2012-08-16

  • Closed date

    2012-08-21

  • Last modified date

    2012-10-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    IBM HTTP SERVER

  • Fixed component ID

    5724J0801

Applicable component levels

  • R700 PSY

       UP

  • R800 PSY

       UP

  • R850 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
07 September 2022