IBM Support

PM73441: When WebSphere eXtreme Scale security is configured with a keystore, incorrect behavior might occur.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • Any authenticated user can issue the stopOgServer command to
    stop catalog server, container servers, or both.
    A stand-alone WebSphere eXtreme Scale installation has been
    implemented. WebSphere eXtreme Scale security has been
    configured by using a keystore file with two users
    defined: wxsadmin/wxsadmin1 and wxsuser/wxsuser1
    The goal is to assign administrator privileges to 'wxsadmin'
    while 'wxsuser' will have only access to data grid with no
    administrator capabilities.
    To achieve this, wxsadmin is granted Administrator privileges as
    described in the following technote:
    In this configuration, xscmd works as designed, and wxsadmin has
    full access, while wxsuser is unable to execute this command).
    However, administrator rights are ignored when issuing the
    stopOgServer command. Specifically, when passing wxsuser
    credentials to the stopOgServer command using
    clientSecurityFile, the command completes successfully, which
    is not the correct behavior.

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere DataPower XC10 Appliance      *
    *                  users                                       *
    * PROBLEM DESCRIPTION: With security enabled, users are        *
    *                      allowed to execute commands on a grid   *
    *                      without providing credentials.          *
    * RECOMMENDATION:                                              *
    The security setting credentialAuthentication was always set
    to supported, which does not require credentials.

Problem conclusion

  • The XC10 console provides a check box to change
    credentialAuthentication to required. You must take action to
    change the default behavior. To change the setting,
    navigate to Appliance > Settings > Security.  Under 'Data Grid
    Authentication' check the box labelled 'Require authentication
    for all requests to the grid (Recommended)'. Click the 'Submit
    Data Grid Authentication Settings' button. Submitting this
    change automatically kicks off a task that restarts the

Temporary fix


APAR Information

  • APAR number


  • Reported component name


  • Reported component ID


  • Reported release


  • Status


  • PE




  • Special Attention


  • Submitted date


  • Closed date


  • Last modified date


  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name


  • Fixed component ID


Applicable component levels

  • R711 PSY


  • R850 PSY


Document information

More support for: WebSphere eXtreme Scale

Software version: 850

Reference #: PM73441

Modified date: 25 October 2012

Translate this page: