PM73441: When WebSphere eXtreme Scale security is configured with a keystore, incorrect behavior might occur.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • Any authenticated user can issue the stopOgServer command to
    stop catalog server, container servers, or both.
    
    A stand-alone WebSphere eXtreme Scale installation has been
    implemented. WebSphere eXtreme Scale security has been
    configured by using a keystore file with two users
    defined: wxsadmin/wxsadmin1 and wxsuser/wxsuser1
    
    The goal is to assign administrator privileges to 'wxsadmin'
    while 'wxsuser' will have only access to data grid with no
    administrator capabilities.
    
    To achieve this, wxsadmin is granted Administrator privileges as
    described in the following technote:
    
    http://www-01.ibm.com/support/docview.wss?uid=swg21598682
    
    In this configuration, xscmd works as designed, and wxsadmin has
    full access, while wxsuser is unable to execute this command).
    
    However, administrator rights are ignored when issuing the
    stopOgServer command. Specifically, when passing wxsuser
    credentials to the stopOgServer command using
    clientSecurityFile, the command completes successfully, which
    is not the correct behavior.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere DataPower XC10 Appliance      *
    *                  users                                       *
    ****************************************************************
    * PROBLEM DESCRIPTION: With security enabled, users are        *
    *                      allowed to execute commands on a grid   *
    *                      without providing credentials.          *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    The security setting credentialAuthentication was always set
    to supported, which does not require credentials.
    

Problem conclusion

  • The XC10 console provides a check box to change
    credentialAuthentication to required. You must take action to
    change the default behavior. To change the setting,
    navigate to Appliance > Settings > Security.  Under 'Data Grid
    Authentication' check the box labelled 'Require authentication
    for all requests to the grid (Recommended)'. Click the 'Submit
    Data Grid Authentication Settings' button. Submitting this
    change automatically kicks off a task that restarts the
    appliance.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM73441

  • Reported component name

    WS EXTREME SCAL

  • Reported component ID

    5724X6702

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-09-21

  • Closed date

    2012-10-25

  • Last modified date

    2012-10-25

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WS EXTREME SCAL

  • Fixed component ID

    5724X6702

Applicable component levels

  • R711 PSY

       UP

  • R850 PSY

       UP



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

WebSphere eXtreme Scale

Software version:

850

Reference #:

PM73441

Modified date:

2012-10-25

Translate my page

Machine Translation

Content navigation