IBM Support

PH17696: ENCRYPTED PASSWORDS DELETED IF CUSTOM ENCRYPTION JAS IS REMOVED.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • If a custom encryption class is used to encrypt WAS passwords,
    and then the customer encryption class is removed, upon start up
    WebSphere will remove the passwords from the security.xml
    instead of leaving them alone.
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere                  *
    *                  Application Server using custom password    *
    *                  encryption                                  *
    ****************************************************************
    * PROBLEM DESCRIPTION: If the custom encryption JAR is         *
    *                      removed, encrypted passwords might be   *
    *                      removed from security.xml               *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Users of WebSphere Application Server can set up custom
    password encryption by providing a class in a JAR file and
    placing it in the <WAS_HOME>/lib/ext directory.
    The encryption works.  When you start the application server,
    the passwords in security.xml are encrypted.
    The problem occurs when you remove the JAR from the lib/ext
    directory, or the JAR somehow becomes inaccessible.  In that
    case, upon server startup the passwords are removed from the
    security.xml.   This makes recovery of passwords rather
    difficult.
    

Problem conclusion

  • The code was modified to prevent removal of passwords from
    security.xml when the custom password encryption JAR becomes
    inaccessible.
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 8.5.5.17 and 9.0.5.3.  Please refer to the Recommended
    Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH17696

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-10-03

  • Closed date

    2019-10-30

  • Last modified date

    2019-10-30

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels



Document information

More support for: WebSphere Application Server
General

Software version: 850

Reference #: PH17696

Modified date: 30 October 2019