IBM Support

PI75324: CICS INSTALLATION DATA MISSING PHASE INFORMATION FOR CHANGE PASSORD AND PASSWORD VERIFICATION REQUESTS

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • PI39336 added the capability for installation data to be passed
on change password and password verification requests. It seems
the installation data passed is missing UXPPHASE values to
identify the two new requests to ESM exit routines.

Symptom(s) Search Keyword(s): KIXREVxxx

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: All CICS users with PI21866 applied.         *
****************************************************************
* PROBLEM DESCRIPTION: Performing a SIGNON with PHRASE and     *
*                      NEWPHRASE causes the PHRASE to be       *
*                      validated twice.  The SIGNON can then   *
*                      fail if the PHRASE contains a           *
*                      single use token.                       *
****************************************************************
A SIGNON is performed specifying PHRASE and NEWPHRASE.
The PHRASE contains the password and a single use token.
This is validated by calling the R_Password (IRRSPW00)
service. Exit program IRRSXT00 extracts the token and
successfully validates it.  A RACROUTE REQUEST=VERIFY
call is then made to change the password.  The PHRASE
and NEWPHRASE are passed on this call.  Exit program
ICHRIX01 extracts the token.
Validation of the token fails, because it has already
been used on the IRRSPW00 call.  The exit program rejects
the attempt to change the password and the signon fails.

    



Problem conclusion


    

  • UI22616 UI24127 UI25262 UI30325 UI43779
CICS has been updated to only issue a single RACROUTE
REQUEST=VERIFY call to change the password as part of a signon.
This means that any security exit program will only be passed
the PHRASE (or PASSWORD) once.

CICS has also been changed to always pass installation data
(if EMSEXITS=INSTLN is coded in the SIT) on the RACROUTE
REQUEST=VERIFY call used to change the password and on the
RACROUTE REQUEST=VERIFYX call used in password verification
(when there has been a password failure or a passticket is being
used).  New UXPPHASE values have been created to allow the
ICHRIX01 exit to correctly determine why it is being invoked.

The new UXPPHASE values are:

PASSWORD_CHANGE (x'90')
PASSWORD_VERIFICATION (x'91')

The following documentation change will be made to the CICS
Transaction Server for z/OS 5.1 Customization Guide
( SC34-2847-00 ).  The following 2 fields added in chapter 35
( titled: Invoking an external security manager ), where it
lists the possible values that can be addressed by UXPPHASE:

PASSWORD_CHANGE        X'90'
     Change of password
PASSWORD_VERIFICATION  X'91'
     password being verified

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PI75324
    • 

  • Reported component name
    CICS TS Z/OS V5
    • 

  • Reported component ID
    5655Y0400
    • 

  • Reported release
    800
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2017-01-23
    • 

  • Closed date
    2017-06-23
    • 

  • Last modified date
    2017-08-02
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    
PI67905
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UI48253
    

    • 



Modules/Macros


    

  • DFHSNTU  DFHUSAD  DFHXMTA  DFHXMXE  DFHXSAD  DFHXSCR  DFHXSCT
DFHXSDM  DFHXSDUF DFHXSEV  DFHXSFL  DFHXSIDT DFHXSIS  DFHXSKR
DFHXSLU  DFHXSPW  DFHXSRC  DFHXSSA  DFHXSSB  DFHXSSBT DFHXSSC
DFHXSSD  DFHXSSE  DFHXSSF  DFHXSSH  DFHXSSI  DFHXSTRI DFHXSTS
DFHXSUXP DFHXSXM

    




Publications Referenced


SC34284700    





Fix information


    

  • Fixed component name
    CICS TS Z/OS V5
    • 

  • Fixed component ID
    5655Y0400
    • 



Applicable component levels


    

  • R800  PSY  UI48253
       UP17/07/19  P  F707
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            02 August 2017
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback