IBM Support

PQ55642: STARTING THE FTP CLIENT FROM TSO WITH OPTION -A DOES NOT ENFORCEAUTHENTICATION TO BE REQUIRED AS IT SHOULD.

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Starting the FTP client in TSO with option -A should require
authentication to succeed for the connection to complete.  This
does not occur since the command options in TSO are not case
sensitive.  This results in the -A option being equivalent to
the -a option where authentication is attempted, but the
connection is allowed to complete without security, if the
authentication fails.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: All users of the IBM Communications Server   *
*                 for z/OS Version 1 Release 2 IP: FTP         *
****************************************************************
* PROBLEM DESCRIPTION: Starting the FTP client in TSO with     *
*                      option -A should require                *
*                      authentication to succeed for the       *
*                      connection to complete.  This does      *
*                      not occur since the command options     *
*                      in TSO are not case sensitive.  This    *
*                      results in the -A option being          *
*                      equivalent to the -a option where       *
*                      authentication is attempted, but the    *
*                      connection is allowed to complete       *
*                      without security, if the                *
*                      authentication fails.                   *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
In FTP, the option for requiring a secure connection
has been changed from -A to -r.  This is so there is no
confusion with the -a option, which still exists and indicates
a secure connection is attempted, but not required.
+-------------------------------------------------------------+
+ Please check our Communications Server for OS/390 homepages +
+ for common networking tips and fixes.  The URL for these    +
+ homepages can be found in Informational APAR II11334.       +
+-------------------------------------------------------------+

    



Problem conclusion


    

  • FTP has been updated to recognize the -r option.
Also, an error in the debug code that set ACC trace on
whenever any trace was active has been fixed.  This bug also
prevented resetting the ACC trace if any other trace was
active.

Changes needed to the following publications.
***********************************************
z/OS V1R2 IBM Communications Server
 IP Messages Vol. 1 : SC31878301

  Message EZA2579E Usage error: Valid parameters are:

    change -A to -r in two places;

  Message EZA2892I Secure port 990 ...

    change -A to -r in four places (including message itself)

  Message EZA2894I The security mechanism ...

    change -A to -r in one place
***********************************************
z/OS V1R2 IBM Communications Server
 IP Migration: SC31877301
  Table 98: Kerberos Support for the FTP Server and Client -
            Migration Tasks

    change -A to -r in two places in the Procedure column

  Table 120: FTP Command Start Options

    change -A to -r in three places in the New Parameter column
    change -A to -r in two places in the Description column
***********************************************
z/OS V1R2 IBM Communications Server
 IP User's Guide and Commands: SC31878001
  FTP Command - Enter the FTP Environment
    Under Format
       change -A to -r  and move to be in alphabetical order
    Under Parameters
       change -A to -r  (twice on the line; also, move to be
                         in alphabetical order)
  Security Considerations, Using Security Mechanisms
    First bullet under paragraph that discusses configuration
    parameters that determine whether the client uses a security
    mechanism
       change -A TLS     to  -r TLS
       change -A GSSAPI  to  -r GSSAPI

* Cross Reference between External and Internal Names
PREFTPCX (EZAFTPCX)  PREFTPLD (EZAFTPLD)  PREFTPLS (EZAFTPLS)
EZAFTPM1 (FTP     )  EZAFTPSM (FTPDMSG )

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PQ55642
    • 

  • Reported component name
    TCP/IP V3 MVS
    • 

  • Reported component ID
    5655HAL00
    • 

  • Reported release
    120
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2001-12-10
    • 

  • Closed date
    2002-01-11
    • 

  • Last modified date
    2002-03-02
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UQ61859 UQ61860
    

    • 



Modules/Macros


    

  • EZAFTPCX EZAFTPCY EZAFTPGT EZAFTPGU EZAFTPLD
EZAFTPLS EZAFTPM1 EZAFTPRA EZAFTPSM

    




Publications Referenced


SC31877301SC31878001SC31878301  





Fix information


    

  • Fixed component name
    TCP/IP V3 MVS
    • 

  • Fixed component ID
    5655HAL00
    • 



Applicable component levels


    

  • R120  PSY  UQ61859
       UP02/02/16  P  F202
    • 

  • R129  PSY  UQ61860
       UP02/02/16  P  F202
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"120","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"120","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            02 March 2002
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback