A fix is available
APAR status
Closed as program error.
Error description
PI39336 added the capability for installation data to be passed on change password and password verification requests. It seems the installation data passed is missing UXPPHASE values to identify the two new requests to ESM exit routines. Symptom(s) Search Keyword(s): KIXREVxxx
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All CICS users with PI21865 applied. * **************************************************************** * PROBLEM DESCRIPTION: Performing a SIGNON with PHRASE and * * NEWPHRASE causes the PHRASE to be * * validated twice. The SIGNON can then * * fail if the PHRASE contains a * * single use token. * **************************************************************** * RECOMMENDATION: * **************************************************************** A SIGNON is performed specifying PHRASE and NEWPHRASE. The PHRASE contains the password and a single use token. This is validated by calling the R_Password (IRRSPW00) service. Exit program IRRSXT00 extracts the token and successfully validates it. A RACROUTE REQUEST=VERIFY call is then made to change the password. The PHRASE and NEWPHRASE are passed on this call. Exit program ICHRIX01 extracts the token. Validation of the token fails, because it has already been used on the IRRSPW00 call. The exit program rejects the attempt to change the password and the signon fails.
Problem conclusion
UI44249 UI44250 CICS has been updated to only issue a single RACROUTE REQUEST=VERIFY call to change the password as part of a signon. This means that any security exit program will only be passed the PHRASE (or PASSWORD) once. CICS has also been changed to always pass installation data (if EMSEXITS=INSTLN is coded in the SIT) on the RACROUTE REQUEST=VERIFY call used to change the password and on the RACROUTE REQUEST=VERIFYX call used in password verification (when there has been a password failure or a passticket is being used). New UXPPHASE values have been created to allow the ICHRIX01 exit to correctly determine why it is being invoked. This APAR contains the fixes for APARs PI39336 and PI79851. The new UXPPHASE values are: PASSWORD_CHANGE (x'90') PASSWORD_VERIFICATION (x'91') The following documentation change will be made to the CICS Transaction Server for z/OS 4.2 Customization Guide ( SC34-7161-00 ). The following 2 fields added in chapter 33 ( titled: Invoking an external security manager ), where it lists the possible values that can be addressed by UXPPHASE: PASSWORD_CHANGE X'90' Change of password PASSWORD_VERIFICATION X'91' password being verified
Temporary fix
********* * HIPER * ********* FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PI75325
Reported component name
CICS TS Z/OS V4
Reported component ID
5655S9700
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
YesHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-01-23
Closed date
2017-06-23
Last modified date
2017-08-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI48246
Modules/Macros
DFHSNTU DFHUSAD DFHXMTA DFHXMXE DFHXSAD DFHXSCR DFHXSCT DFHXSDM DFHXSDUF DFHXSEJ DFHXSEV DFHXSFL DFHXSIDT DFHXSIS DFHXSKR DFHXSLU DFHXSPW DFHXSRC DFHXSSA DFHXSSB DFHXSSBT DFHXSSC DFHXSSD DFHXSSE DFHXSSF DFHXSSH DFHXSSI DFHXSTRI DFHXSTS DFHXSUXP DFHXSXM
SC34716100 |
Fix information
Fixed component name
CICS TS Z/OS V4
Fixed component ID
5655S9700
Applicable component levels
R700 PSY UI48246
UP17/07/08 P F707 ¢
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.2","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.2","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
02 August 2017