Download
Abstract
This is a General Availability (GA) patch containing all the fixes since the release of IBM Tivoli Access Manager for e-Business 6.1.0 (Base)
Download Description
1.0 ABOUT THIS PATCH
1.1 Patch contents
1.2 Architectures
1.3 Patches superseded
1.4 Dependencies
1.5 Important Notice (Security Alerts)
2.0 APARS AND DEFECTS FIXED
2.1 Problems fixed by patch 6.1.0-ISS-TAM-FP0009
2.2 Problems fixed by patch 6.1.0-TIV-TAM-FP0008
2.3 Problems fixed by patch 6.1.0-TIV-TAM-FP0007
2.4 Problems fixed by patch 6.1.0-TIV-TAM-FP0005
2.5 Problems fixed by patch 6.1.0-TIV-TAM-FP0004
2.6 Problems fixed by patch 6.1.0-TIV-TAM-FP0003
2.7 Problems fixed by patch 6.1.0-TIV-TAM-FP0002
2.8 Problems fixed by patch 6.1.0-TIV-TAM-FP0001
3.0 BEFORE INSTALLING THIS PATCH
3.1 Back up Tivoli Access Manager data
3.2 Upgrade GSKit to Version 7.0.4.42
3.2.1 To upgrade GSKit on AIX
3.2.2 To upgrade GSKit on HP/UX
3.2.3 To upgrade GSKit on Linux
3.2.4 To upgrade GSKit on Solaris
3.2.5 To upgrade GSKit on Microsoft Windows
3.2.6 Confirm That GSKit was updated
4.0 INSTALLING THIS PATCH
4.1 Installing this patch on UNIX and Linux systems
4.2 Installing this patch on Windows systems
5.0 UNINSTALLING THIS PATCH
6.0 AFTER INSTALLING THIS PATCH
6.1 Verifying patch level
6.2 Adding new components to a system
7.0 DOCUMENTATION UPDATES
7.1 Updated platform and Tivoli Access Manager systems support statement
7.2 Tivoli Access Manager for e-business 6.1 Windows XP Professional SP2 and
Windows Vista Enterprise client components Federal Desktop Core Configuration
(FDCC) Compliance statement
7.3 Tivoli Access Manager daemons may not start automatically after
configuration and system restart on SuSe 10
7.4 WPM installation reports failure if the install path is changed (IZ33544)
7.5 Long Authorization Rules can cause a stack overrun in pdacld. (IZ43847)
7.6 SvrSslCfg Error HPDBF0234E Unable to load PD.properties (IZ43268, IZ58750)
7.7 Max-size can be more than 2MB (IZ54787, IZ58798)
7.8 Add shell tracing for debugging purposes (IZ52418)
7.9 Tivoli Access Manager 6.1 Auditing Guide does not document JDBC correctly (IZ60406)
7.10 Additional Details for AMJRTE certificate auto-refresh capability (IZ48674)
7.11 Memory leak fixed in LDAP client (IZ64821)
7.12 Application response measurement transactions need to be documented (IZ69050)
7.13 "DSA unwilling to perform" message if Tivoli Access Manager is configured using
ITDS 6.2(IZ66675)
7.14 rsrccred modify will blank out userid if not specified (IZ74239)
7.15 Clarification of Tivoli Access Manager/WebSEAL binary compatibility (IZ96633)
7.16 uname -n must return network addressable value for unix install/config (IZ83658)
7.17 PDAuthorizationContext Application Design Considerations (IZ96628)
7.18 The Tivoli Access Manager Installation Guide incorrectly states that the
Policy Server uses port 7134 (IZ96627)
7.19 New Configuration Option - ssl-enhanced-security (IZ79319)
7.20 Credential attributes should be all uppercase (IZ95842)
7.21 New Configuration Option - baseGroup.PDJFormatter.timeFormat in
PDJLog.properties (IV02723)
7.22 New Configuration Option - disallow-trailing-spaced-usernames (IZ96041, IZ89810)
7.23 PDCONFIG FAILS WHILE CONFIGURING POLICY SERVER WHEN LDAP ACCEPT SSLONLY
CONNECTION (IV02295)
7.24 PDMGRD CONTACT READONLY LDAP WITH MODIFY/DELETE REQUESTS FOR GSO (IV08718)
7.25 PDBACKUP on Windows ignores .LST file specifications. (IV07583)
7.26 Documentation missing for C api call ivadmin_user_getlastpwdchange. (IV16508)
7.27 DETAILS FOR AIX "MALLOCOPTIONS=multiheap" OR "MALLOCOPTIONS=buckets"(IV10558)
8.0 SOFTWARE LIMITATIONS
9.0 KNOWN PROBLEMS AND WORKAROUNDS
9.1 The Tivoli Access Manager installation wizard fails when installing
Tivoli Directory Server on AIX 6.1.
9.2 Version 6.1.0.0 of WebSphere Application Server does not
support AIX 6.1.0.0.
9.3 An additional Solaris 10 patch is required to run any Tivoli
Access Manager component in a non-global zone.
9.4 The Tivoli Access Manager installation wizard fails on Solaris when the
default shell is Shell (sh).
9.5 The Tivoli Access Manager installation wizard fails when installing
Tivoli Directory Server on Windows 2003 and Windows 2008 on x86-64
hardware.
9.6 ObjectGrid v6.1.0.1 cumulative fix 2 (or later) patch is required for
Tivoli Session Management Server.
9.7 LEADING '#' CHARACTER IS NOT SUPPORTED IN USER/GROUP NAMES (IZ66187)
9.8 "pdadmin -l config modify keyvalue" cannot handle negative value (IZ63127)
9.9 PDJrteCfg fails on high security z/OS platforms (IZ96629)
10.0 NOTICES
10.1 Trademarks
*****************************************************************************
*****************************************************************************
1.0 ABOUT THIS PATCH
--------------------
This patch package contains fixes for problems in Tivoli Access Manager
Base software. This patch requires that IBM Tivoli Access Manager Base,
Version 6.1 already be installed and configured successfully.
Tivoli Access Manager Base components are installed as part of the
following products:
- IBM Tivoli Access Manager for e-business, Version 6.1
1.1 Patch contents
This patch package contains:
- This README file
- Updated patch packaging for Tivoli Access Manager
Base software.
1.2 Architectures
Refer to the following URL for latest information on supported operating
systems and software
http://www-01.ibm.com/support/docview.wss?uid=swg27022004
________________________________________________________________________
Additional Certifications:
Windows Server 2008/2003 TAM610 Fix Pack 05
Active Directory (Mixed Mode)
ITDS 6.3 (server Only) TAM610 Fix Pack 05
AIX 7.1 on Power 7 System TAM610 Fix Pack 05
IBM Lotus Domino 8.5 Server TAM610 Fix Pack 02
Oracle Directory Server TAM610 Fix Pack 05
Enterprise Edition 7.0 (DSEE 7.0)
Windows Server 2008 Active Directory TAM610 Fix Pack 03
Domain Service (ADDS)
WebSphere Version 7.0 (WAS 7.0) TAM610 with Fix Pack 01 or later
for following components only:
PDJRTE (PD Java Runtime)
PDWPM (PD Web Portal Manager)
PDAuthADK (PD Development ADK)
ITDS 6.2 (Server Only) TAM components with ITDS 6.1 Client
Internet Explorer 7.0 (IE 7.0) TAM610 Fix Pack 04
Internet Explorer 8.0 (IE 8.0) TAM610 Fix Pack 03
________________________________________________________________________
1.3 Patches superseded
Patches superseded by this patch:
6.1.0-TIV-TAM-FP0008
6.1.0-TIV-TAM-FP0007
6.1.0-TIV-TAM-FP0005
6.1.0-TIV-TAM-FP0004
6.1.0-TIV-TAM-FP0003
6.1.0-TIV-TAM-FP0002
6.1.0-TIV-TAM-FP0001
1.4 Dependencies
IBM Tivoli Access Manager Base, Version 6.1
IBM Tivoli Security Utilities
IBM LDAP Client 6.1 latest patch
GSKit Version 7.0.4.42
NOTE1:
To patch a particular machine ensure that you install all
relevant patches for the installed IBM Tivoli Access Manager,
Version 6.1 components. Patches 6.1.0-ISS-TAM-FP0009 and
6.1.0-ISS-AWS-FP0009 must be installed on the same machine.
For example, consider a machine that has the following
components installed:
(your machine may have more components installed)
IBM Tivoli Access Manager Runtime (PDRTE)
IBM Tivoli Access Manager Web Security Runtime (PDWebRTE)
IBM Tivoli Access Manager WebSEAL (PDWeb)
IBM Tivoli Security Utilities (TivSecUtl)
To patch this machine, you must install:
* The PDRTE and TivSecUtl components from Patch 6.1.0-ISS-TAM-FP0009
* The PDWebRTE and PDWeb components from Patch 6.1.0-ISS-AWS-FP0009
In the end, a particular machine in a Tivoli Access Manager
environment must have all components at the same patch level.
See the 6.1.0-ISS-AWS-FP0009.README for information about how to
install the relevant components of that patch.
NOTE2:
In a Tivoli Access Manager environment, install patches in the
following order:
a) Policy Server machine, install patches for all components
as described in NOTE1 above.
b) Policy Proxy Server (if you have one in your Tivoli Access
Manager environment)
c) All other machines in the Tivoli Access Manager environment.
As described in NOTE1 above, you must install the patches for all
components on each machine. Once the Policy Server is patched, upgrade
all other machines in the Tivoli Access Manager environment to the
same patch level as soon as possible.
1.5 Important Notice (Security Alerts)
There are three Security Exposures found in IBM Tivoli Directory Server
Versions 6.1, 6.2 and 6.3
If Access Manager for eBusiness is configured using any of the above
mentioned versions of TDS as User Registry, it is highly recommended
to follow the below mentioned URL link to get the detailed information
as well as appropriate patches for the Security Exposures.
http://www-01.ibm.com/support/docview.wss?uid=swg21474615
Please note that TDS clients are not impacted by these Security Exposures.
2.0 APARS AND DEFECTS FIXED
---------------------------
Because patches are cumulative, this patch corrects all the problems
outlined in the following sections.
2.1 Problems fixed by patch 6.1.0-ISS-TAM-FP0009
APAR IV03097
Symptom: 9.x Red Hat Enterprise Linux 6 TAM server configuration
gives 'integer expression expected' error
APAR IV22794
Symptom: When Policy Server is configured in Windows machine using
Active Directory as user registry, PD Runtime configuration
in UNIX fails to accept DnForPD input in form of
"CN=xyz,DC=abc,DC=com" but accepts the string in the form of
"DC=xyz,DC=abc,DC=com"
APAR IV12656
Symptom: WebSEAL leaks memory when default-policy-override-support=yes
in WebSEAL conf file.
APAR IV22807
Symptom: WAS hangs under heavy load in jlog logRecord() method.
APAR IV22809
Symptom: "HPDAC0456E The ACL name specified was not found in the
authorization policy database." error message appears in
log files during policy database replication.
APAR IV20297
Symptom: When TAM is configured using Active Directory for Multi-domain
mode, "user list userid@domain.com" command does not list
the particular user.
Prerequisites
IBM Global Security Toolkit (GSKit) version 7.0.4.42
Installation Instructions
3.0 BEFORE INSTALLING THIS PATCH
--------------------------------
Before installing this patch, review the following prerequisites and
dependencies.
3.1 Back up Tivoli Access Manager data
Before applying any maintenance, be sure to back up your system. Use
the pdbackup command provided with the Tivoli Access Manager product
to back up Tivoli Access Manager-specific data. Documentation for the
pdbackup command is located in the "IBM Tivoli Access Manager Command
Reference, Version 6.1."
Patch installation for PDRTE component should not over-write the existing
pd_start script but still it is highly recommended to backup pd_start script
in UNIX systems, specially if any customizations are made on this script.
Patch for PDRTE component will install pd_start script as pd_start.fixpack
so that if any update or fix made to pd_start script is available to Customers
to incorporate into their customized pd_start script.
3.2 Upgrade GSKit to Version 7.0.4.42
Note:
IBM Global Security Toolkit (GSKit) version 7.0.4.33 and higher supports
RFC 5746 (TLS Renegotiation Indication Extension ) so the Security
Exposure CVE-2009-3555 (TLS/SSL Protocol Vulnerability ) will not be
applicable to these versions of GSKit. It is recommended that every
Customer should upgrade to GSKit version 7.0.4.33 or higher immediately.
Upgrade the IBM Global Security Toolkit (GSKit) to version 7.0.4.42
BEFORE installing the Tivoli Access Manager packages in this patch.
The updated GSKit installation packages may be downloaded at the URL:
https://www14.software.ibm.com/webapp/iwm/web/reg/pick.do?source=gskitupdt
After downloading the updated GSKit installation packages, use the
following instructions to install the upgraded GSKit packages. The
commands assume that you are in the directory where the GSKit installation
packages are located and are running as root on UNIX systems and as
Administrator on Windows systems.
3.2.1 To upgrade GSKit on AIX:
1. Install the patch:
installp -a -X -g -d . gskta.rte
for 64 bit also install
installp -a -X -g -d . gsksa.rte
2. From the command line, run the following commands to stop and
restart the Tivoli Access Manager processes:
pd_start stop
pd_start start
3. Confirm that the upgrade was successful by following the
instructions in section "3.2.6 Confirm that GSKit was updated".
3.2.2 To upgrade GSKit on HP/UX:
Note: On HP Integrity servers use gsk7bas32 instead of gsk7bas.
1. Uncompress and extract the file from gsk7bas.tar.Z
2. Install the patch:
swinstall -s $PATH/gsk7bas gsk7bas
where $PATH is the directory with gsk7bas package.
3. Ensure that you set and verify that the following path has
been set in your .profile:
SHLIB_PATH=/usr/lib
To set this path, enter the following command:
export SHLIB_PATH=/usr/lib;$SHLIB_PATH
After you install GSKit, no configuration is necessary.
Note that the SHLIB_PATH is only required to run the iKeyman
key management utility (gsk7ikm), which is installed with the
GSKit package. This enables you to create key databases,
public-private key pairs, and certificate requests. For more
information about gsk7ikm, see the Secure Sockets Layer
Introduction and iKeyman User's Guide.
4. From the command line, run the following commands to stop
and restart the Tivoli Access Manager processes:
pd_start stop
pd_start start
5. Confirm that the upgrade was successful by following the
instructions in section "3.2.6 Confirm that GSKit was updated".
3.2.3 To upgrade GSKit on Linux:
1. Install the patch:
At the command prompt, enter the following:
rpm -U <patchname>
where <patchname> is one of the following:
Linux on xSeries(R)
Red Hat
gsk7bas-7.0.4.42.i386.rpm
Suse SLES8
gsk7bas-7.0.4.42.i386.rpm
Linux on zSeries
gsk7bas-7.0.4.42.s390.rpm
Linux on pSeries(R) and iSeries
gsk7bas-7.0.4.42.ppc32.rpm
If Tivoli Access Manager is already configured, you
might need to install with the --noscripts flag:
rpm -U --noscripts <patchname>
2. From the command line, run the following commands to stop
and restart the Tivoli Access Manager processes:
pd_start stop
pd_start start
3. Confirm that the upgrade was successful by following the
instructions in section "3.2.6 Confirm that GSKit was updated".
3.2.4 To upgrade GSKit on Solaris:
1. Uncompress and extract the file from gsk7bas.tar.Z
2. Install the patch:
pkgadd -a none -d . gsk7bas
a. Answer 'y' when asked whether to overwrite an
installed instance directory
b. When prompted for a package base directory,
enter /opt if GSKit is installed in the default
location. Otherwise, specify the appropriate
location.
3. From the command line, run the following commands to stop
and restart the Tivoli Access Manager processes:
pd_start stop
pd_start start
4. Confirm that the upgrade was successful by following the
instructions in section "3.2.6 Confirm that GSKit was updated".
3.2.5 To upgrade GSKit on Microsoft Windows:
1. Extract the GSKit upgrade package:
gsk7bas.exe gsk7bas
cd gsk7bas
2. Use the following command to upgrade GSKit:
setup gsk7 <location> -sf1".\setup.iss"
where <location> is the drive and parent directory to your
desired GSKit install location.
NOTE: The GSKit installation program does not recognize spaces
in the <location> string. Therefore, if GSKIT was
originally installed in:
C:\Program Files\ibm\gsk7
you must specify the location using the following
syntax, which eliminates the spaces:
C:\Progra~1\ibm\gsk7
The complete command for this example would be:
setup gsk7 c:\Progra~1\ibm\gsk7 -sf1".\setup.iss"
After entering the setup command, an InstallShield window
is displayed. Follow the installation directions. In the window
where you are prompted for the destination location, you must
change the default location from:
C:\Program Files\ibm\gsk7
to:
C:\Progra~1\ibm\gsk7
or to whatever install location is applicable.
3. Shut down and reboot the system.
4. Confirm that the upgrade was successful by following the
instructions in section "3.2.6 Confirm that GSKit was updated".
3.2.6 Confirm that GSKit was updated
After upgrading to the version of GSKit included with this patch,
the GSKit PRODUCT VERSION should be 7.0.4.42 for ALL components
of the GSKit toolkit.
To determine the version of GSKit installed, use the following
command on any platform:
gsk7ver
NOTE: On HP-UX, you might need to add the following path in your
profile for the above command to work:
SHLIB_PATH=/usr/lib
4.0 INSTALLING THIS PATCH
-------------------------
NOTE: Before installing this patch, be sure that you have reviewed the
prerequisites and have completed the backup procedure in section 3.0,
"BEFORE INSTALLING THIS PATCH".
NOTE: About Tivoli Security Utilities:
This 6.1.0-ISS-TAM-FP0009 Patch includes "Tivoli Security Utilities"
Patch 6.1.0-TIV-TIVSEC-FPrent.
If your system already has "Tivoli Security Utilities Patch nt" i.e.
6.1.0-TIV-TIVSEC-FPrent installed, then you do not need to install it
again from this image.
If the Tivoli Access Manager product is distributed over multiple machines,
this patch must be applied to all Tivoli Access Manager systems in a
secure domain.
The patch images for Windows platforms are self-extracting executables.
For all UNIX platforms, the patch image is a compressed tar file that can
be untarred by a command like the following:
zcat Compressed-Patch-tar-Image | tar -xvf -
This README assumes that $PATCH (or %PATCH% for Windows) is the path to
your temporary directory.
4.1 Installing this patch on UNIX and Linux systems
NOTE:
Before applying the PD.WPM patch, Web Portal Manager (WPM) must first be
unconfigured. After applying the patch, reconfigure WPM.
The fix pack installer for Tivoli Access Manager Runtime for Java attempts
to update the existing PD.jar file in each configured JVM with the updated
PD.jar file delivered with this fix pack. In some cases, such as when the
installer cannot locate the Java Virtual Machine (JVM), the copy operation
fails. In this case, the installer log will contain a message asking the
administrator to ensure JVM is in the path and then to run the pdjrteupg
utility manually to copy PD.jar to the configured JVMs.
1. Log in to the system as root.
2. Extract the archive into a temporary directory. For the purpose of this
README, assume that the symbol $PATCH points to this temporary directory.
3. Stop the Tivoli Access Manager processes.
a. Stop the processes associated with Tivoli Manager for Operating
Systems, if that product is installed:
rc.osseal stop
b. Stop the processes associated with Tivoli Access Manager for
Business Integration, if that product is installed.
c. Stop the Tivoli Access Manager Base and WebSEAL processes:
/opt/PolicyDirector/bin/pd_start stop
4. At the command prompt, enter the following command to install the patch:
On AIX systems:
- installp -a -g -X -d $PATCH <package>
where <package> is one of the following:
TivSec.Utl Specifies the Tivoli Security Utilities
PD.RTE Specifies the Tivoli Access Manager Runtime
PD.Mgr Specifies the Tivoli Access Manager Policy Server
PD.MgrPrxy Specifies the Tivoli Access Manager Policy Proxy Server
PD.Acld Specifies the Tivoli Access Manager Authorization Server
PD.AuthADK Specifies the Tivoli Access Manager ADK
PDJ.rte Specifies the Tivoli Access Manager Java Runtime Env.
PD.WPM Specifies the Tivoli Access Manager Web Portal Manager
On HP-UX systems:
- swinstall -s $PATCH/<package> <patch>
where <package> and <patch> are one of the pairs from the following
table:
<package> <patch>
--------------------------------- ---------
TivSecUtl000610-nt.depot TivSecUtl
PDRTE000610-09.depot PDRTE
PDMgr000610-09.depot PDMgr
PDMgrPrxy000610-09.depot PDMgrPrxy
PDAcld000610-09.depot PDAcld
PDAuthADK000610-09.depot PDAuthADK
PDJrte000610-09.depot PDJrte
PDWPM000610-09.depot PDWPM
On Linux systems:
- rpm -U <patchname>
where <patchname> is one of the following:
Linux on x86
TivSecUtl-TivSec-6.1.0-t.i386.rpm
PDRTE-PD-6.1.0-9.i386.rpm
PDMgr-PD-6.1.0-7.i386.rpm
PDMgrPrxy-PD-6.1.0-9.i386.rpm
PDAcld-PD-6.1.0-9.i386.rpm
PDAuthADK-PD-6.1.0-9.i386.rpm
PDJrte-PD-6.1.0-9.i386.rpm
PDWPM-PD-6.1.0-9.i386.rpm
Linux on zSeries
TivSecUtl-TivSec-6.1.0-t.s390.rpm
PDRTE-PD-6.1.0-9.s390.rpm
PDMgr-PD-6.1.0-9.s390.rpm
PDMgrPrxy-PD-6.1.0-9.s390.rpm
PDAcld-PD-6.1.0-9.s390.rpm
PDAuthADK-PD-6.1.0-9.s390.rpm
PDJrte-PD-6.1.0-9.s390.rpm
PDWPM-PD-6.1.0-9.s390.rpm
Linux on POWER
TivSecUtl-TivSec-6.1.0-t.ppc.rpm
PDRTE-PD-6.1.0-9.ppc.rpm
PDMgr-PD-6.1.0-9.ppc.rpm
PDMgrPrxy-PD-6.1.0-9.ppc.rpm
PDAcld-PD-6.1.0-9.ppc.rpm
PDAuthADK-PD-6.1.0-9.ppc.rpm
PDJrte-PD-6.1.0-9.ppc.rpm
PDWPM-PD-6.1.0-9.ppc.rpm
On Sun Solaris Operating Environment systems
- cd $PATCH
For Solaris 9:
patchadd <package>
For Solaris 10 and above:
patchadd -t <package>
For Solaris 10 and above with zones:
patchadd -t -G <package>
Note: If an error occurs (for example, "The -t or -C options cannot
be used with -G option"), while installing the patch on Solaris
10 and above with zones, use the following command:
/usr/lib/patch/patchadd -G <package>
where <package> is one of the following:
<package> <patch>
------------------------ ---------
TIVSECUTL000610-nt TivSecUtl
PDRTE000610-09 PDRTE
PDMGR000610-09 PDMgr
PDMGRPRXY000610-09 PDMgrPrxy
PDACLD000610-09 PDAcld
PDAUTHADK000610-09 PDAuthADK
PDWPM000610-09 PDWPM
PDJRTE000610-09 PDJrte
5. Restart the Tivoli Access Manager processes:
/opt/PolicyDirector/bin/pd_start start
6. Restart the processes associated with other Tivoli Access Manager
products that were stopped in step 3.
4.2 Installing this patch on Windows systems
NOTE:
Before applying the PD.WPM patch, Web Portal Manager (WPM) must first be
unconfigured. After applying the patch, reconfigure WPM.
The fix pack installer for Tivoli Access Manager Runtime for Java attempts
to update the existing PD.jar file in each configured JVM with the updated
PD.jar file delivered with this fix pack. In some cases, such as when the
installer cannot locate the Java Virtual Machine (JVM), the copy operation
fails. In this case, a pop-up window will contain a message asking the
administrator to ensure JVM is in the path and then to run the pdjrteupg
utility manually to copy PD.jar to the configured JVMs.
1. Log in to the Windows system as the Administrator.
2. Stop all Tivoli Access Manager services.
If the Web plug-in is being used:
a. Click:
Start->Settings->Control Panel->Administrative Tools->Services
Right-click Access Manager Plug-in for Web Servers,
and then click Stop.
b. To confirm your action, click Yes.
c. Stop the IIS server using the Internet Services Manager.
From the Windows Desktop, click:
Start->Settings->Control Panel->Administrative Tools->Services,
right-click the service name, and then click Stop.
Repeat this for each Access Manager service.
3. Unpack the self-extracting archive into a temporary directory.
The archive will extract files to a sub-folder named 6.1.0-ISS-TAM-FP0009.
For the purpose of this README, assume that %PATCH% points to this
temporary directory, including the 6.1.0-ISS-TAM-FP0009 sub-folder.
4. Change to the patch directory:
cd %PATCH%
For each component to apply service to, run the following command:
<component directory>/Disk Images/Disk1/setup.exe
List of component directory names:
TivSecUtl
PDRTE
PDMGR
PDPROXY
PDAcld
PDAuthADK
PDJRTE
PDWPM
5. Restart Tivoli Access Manager services, including the Access
Manager Policy Server and Authorization Server:
From the Windows Desktop, click:
Start -> Settings -> Control Panel -> Administrative Tools -> Services,
right-click the service name, and then click Start.
Repeat this for each Tivoli Access Manager service.
If the Web Plug-in is being used:
a. Click Access Manager Plug-in for Web Servers -> Start.
b. Start the IIS server using the Internet Services Manager.
6. Restart the processes associated with other Tivoli Access Manager
products that were stopped in step 2.
5.0 UNINSTALLING THIS PATCH
---------------------------
NOTE: Uninstallation is not available on Microsoft Windows systems.
If the Tivoli Access Manager product is distributed over multiple machines,
uninstall this patch on those systems in the reverse order that it was applied.
To remove the patch on UNIX systems, perform the following steps.
1. Log in to the system as root.
2. Stop the Tivoli Access Manager processes.
a. Stop the processes associated with Tivoli Access Manager for
Operating Systems, if that product is installed:
rc.osseal stop
b. Stop the processes associated with Tivoli Access Manager for
Business Integration, if that product is installed.
c. Stop the Tivoli Access Manager Base and WebSEAL processes:
/opt/PolicyDirector/bin/pd_start stop
3. At the prompt, enter the appropriate command below:
On AIX, reject the applied patch:
installp -r <package>
where <package> is one of the following:
PD.Mgr
PD.MgrPrxy
PD.Acld
PD.AuthADK
PD.WPM
PDJ.rte
PD.RTE
TivSec.Utl
Example: installp -r PD.RTE
On HP-UX, remove the patch:
swremove <patch>,r=<version>
where <patch> is one of the following:
PDMgr
PDMgrPrxy
PDAcld
PDAuthADK
PDWPM
PDJrte
PDRTE
TivSecUtl
Example: swremove PDWPM,r=6.1.0.1
On Linux, apply the previous patch level:
rpm -U --oldpackage <old_package>
where <old_package> is one of the following:
Linux on x86
PDMgr-PD-6.1.0-0.i386.rpm
PDMgrPrxy-PD-6.1.0-0.i386.rpm
PDAcld-PD-6.1.0-0.i386.rpm
PDAuthADK-PD-6.1.0-0.i386.rpm
PDWPM-PD-6.1.0-0.i386.rpm
PDJrte-PD-6.1.0-0.i386.rpm
PDRTE-PD-6.1.0-0.i386.rpm
TivSecUtl-TivSec-6.1.0.i386.rpm
Linux on zSeries
PDMgr-PD-6.1.0-0.s390.rpm
PDMgrPrxy-PD-6.1.0-0.s390.rpm
PDAcld-PD-6.1.0-0.s390.rpm
PDAuthADK-PD-6.1.0-0.s390.rpm
PDWPM-PD-6.1.0-0.s390.rpm
PDJrte-PD-6.1.0-0.s390.rpm
PDRTE-PD-6.1.0-0.s390.rpm
TivSecUtl-TivSec-6.1.0.s390.rpm
Linux on POWER
PDMgr-PD-6.1.0-0.ppc.rpm
PDMgrPrxy-PD-6.1.0-0.ppc.rpm
PDAcld-PD-6.1.0-0.ppc.rpm
PDAuthADK-PD-6.1.0-0.ppc.rpm
PDWPM-PD-6.1.0-0.ppc.rpm
PDJrte-PD-6.1.0-0.ppc.rpm
PDRTE-PD-6.1.0-0.ppc.rpm
TivSecUtl-TivSec-6.1.0.ppc.rpm
On Solaris, remove the patch:
patchrm <package>
where <package> is one of the following:
PDMGR000610-09
PDMGRPRXY000610-09
PDACLD000610-09
PDAUTHADK000610-09
PDWPM000610-09
PDJRTE000610-09
PDRTE000610-09
TIVSECUTL000610-nt
Example: patchrm PDRTE000610-09
4. Restart the Tivoli Access Manager processes:
/opt/PolicyDirector/bin/pd_start start
5. Restart the processes associated with other Tivoli Access Manager
products that were stopped in step 2.
Problems (APARS) fixed
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg24033150