IBM Support

PH09141: EXEC CICS SIGNON NEEDS TO DISTINGUISH BETWEEN PASSWORD / PHRASE

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • IN CICS TS 5.4, when issuing a
    CICS SIGNON USERID(ABK) PASSWORD(' ') NEWPASS('A'),
    the command returns EIBRESP=22 (LENGERR) and EIBRESP2=1 which is
    "PHRASELEN was out-of-range".  If the NEWPASS parameter is
    removed or NEWPASS (' ') is supplied, the command returns the
    expected EIBRESP=70 (NOTAUTH) and EIBRESP2=1 which is
    "A password or password phrase is required" as it did under
    CICS TS 5.1.
    
    When issuing a
      CICS SIGNON USERID(ABK) PASSWORD('abc$123') NEWPASS('abc$456')
    the command returns EIBRESP=16 (INVREQ) and EIBRESP2=13 which is
    "There is an unknown return code in ESMRESP from the ESM; or the
    ESM is not active or has failed in an unexpected way".  If the
    user is not authorized to the CICS application in the APPL class
    of RACF.  If the NEWPASS parameter is not supplied, the command
    returns the expected EIBRESP=70 (NOTAUTH) & EIBRESP2=17 which is
    "The USERID is not authorized to use the application" as it did
    under CICS TS 5.1.
    
    The difference comes about because SIGNON with PASSWORD and
    NEWPASSWORD has changed to behave more like CHANGE PASSWORD
    instead of VERIFY PASSWORD.  That was necessary because VERIFY
    followed by a CHANGE as part of the signon does not work with
    single use tokens or some MFA credentials.  The CHANGE PASSWORD
    processing has never handled the case where the user was not
    authorised to the applid so returns an "unknown" error.  The
    CHANGE PASSWORD does distinguish between a password or a phrase
    being used but the SIGNON command does not.  That is why the
    EIBRESP and RESP2 refer to the length of the phrase.
    

Local fix

  • n/a
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All.                                         *
    ****************************************************************
    * PROBLEM DESCRIPTION: SIGNON of unauthorised user returns     *
    *                      LENGERR or INVREQ instead of NOTAUTH.   *
    ****************************************************************
    A USERID is UNAUTHORISED to SIGNON using a particular CICS
    applid.  If the SIGNON includes a NEWPASSSWORD parameter then
    the request fails with an EIBRESP of LENGERR.  Similarly,if the
    PASSWORD field is blank but a NEWPASSWORD is supplied the
    request fails with an EIBRESP of INVREQ.  In both cases NOTAUTH
    should have been returned because the USERID is UNAUTHORISED to
    SIGNON to the CICS applid.
    

Problem conclusion

  • CICS security code has been amended to correct the
    aforementioned problem.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH09141

  • Reported component name

    CICS TS Z/OS V5

  • Reported component ID

    5655Y0400

  • Reported release

    100

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-03-01

  • Closed date

    2019-07-10

  • Last modified date

    2019-08-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UI64127 UI64128 UI64129 UI64130 UI64131

Modules/Macros

  • DFHXSPW  DFHXSSB
    

Fix information

  • Fixed component name

    CICS TS Z/OS V5

  • Fixed component ID

    5655Y0400

Applicable component levels

  • R000 PSY UI64128

       UP19/08/01 P F907

  • R100 PSY UI64130

       UP19/08/01 P F907

  • R200 PSY UI64129

       UP19/08/01 P F907

  • R800 PSY UI64131

       UP19/07/19 P F907

  • R900 PSY UI64127

       UP19/08/01 P F907

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.4","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.4","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
01 August 2019