APAR status
Closed as program error.
Error description
Any authenticated user can issue the stopOgServer command to stop catalog server, container servers, or both. A stand-alone WebSphere eXtreme Scale installation has been implemented. WebSphere eXtreme Scale security has been configured by using a keystore file with two users defined: wxsadmin/wxsadmin1 and wxsuser/wxsuser1 The goal is to assign administrator privileges to 'wxsadmin' while 'wxsuser' will have only access to data grid with no administrator capabilities. To achieve this, wxsadmin is granted Administrator privileges as described in the following technote: http://www-01.ibm.com/support/docview.wss?uid=swg21598682 In this configuration, xscmd works as designed, and wxsadmin has full access, while wxsuser is unable to execute this command). However, administrator rights are ignored when issuing the stopOgServer command. Specifically, when passing wxsuser credentials to the stopOgServer command using clientSecurityFile, the command completes successfully, which is not the correct behavior.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: IBM WebSphere DataPower XC10 Appliance * * users * **************************************************************** * PROBLEM DESCRIPTION: With security enabled, users are * * allowed to execute commands on a grid * * without providing credentials. * **************************************************************** * RECOMMENDATION: * **************************************************************** The security setting credentialAuthentication was always set to supported, which does not require credentials.
Problem conclusion
The XC10 console provides a check box to change credentialAuthentication to required. You must take action to change the default behavior. To change the setting, navigate to Appliance > Settings > Security. Under 'Data Grid Authentication' check the box labelled 'Require authentication for all requests to the grid (Recommended)'. Click the 'Submit Data Grid Authentication Settings' button. Submitting this change automatically kicks off a task that restarts the appliance.
Temporary fix
Comments
APAR Information
APAR number
PM73441
Reported component name
WS EXTREME SCAL
Reported component ID
5724X6702
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-09-21
Closed date
2012-10-25
Last modified date
2012-10-25
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WS EXTREME SCAL
Fixed component ID
5724X6702
Applicable component levels
R711 PSY
UP
R850 PSY
UP
Rate this page:
Average rating
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.