IBM Support

PK65740: CICS BRIDGE REPORTS DFHMQ0749E AUTHENTICATION ERROR

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • You have an application that uses the WebSphere MQ-CICS bridge.
    The bridge is started with the following parameters :
    AUTH=VERIFY_UOW,WAIT=60,Q=<bridge request queue name>
    .
    When the application tries to use the bridge with CICS TS V3.2
    it fails and you see the following error messages in the CICS
    log:
    .
    +DFHMQ0749E CKBR 0000081 Authentication error, userid <userid>
    +DFHMQ0760I CKBR 0000081
    MsgId=414D5120494849443130314120202020443127282058A005
    +DFHMQ0762I CKBR 0000081 Queue name <bridge request queue name>
    .
    You also see these messages in the queue manager log:
    ICH408I USER(<userid>) GROUP(<group> ) NAME(<name> ) LOGON/JOB
    INITIATION - INVALID PASSWORD
    IRR013I VERIFICATION FAILED. INVALID PASSWORD GIVEN.
    .
    The application supplies a 7-character password in the
    Authenticator field of the CIH, with the last character of the
    field containing null (x00). CICS TS V3.2 passes an 8 byte
    password to RACF, i.e. the ending null is not removed and is
    taken by RACF as part of the password.
    .
    

Local fix

  • Pass an 8-character password in the MQCIH.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: ALL                                          *
    ****************************************************************
    * PROBLEM DESCRIPTION: When running with AUTH=VERIFY_UOW, the  *
    *                      CICS bridge may wrongly reject a valid  *
    *                      password if it is under 8 characters    *
    *                      long and contains trailing nulls.       *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    The CICS bridge passes the full eight characters of the password
    field to be authenticated without stripping off trailing nulls
    and blanks.
    When CSQHVRFY authenticates the password it only removes
    trailing blanks. This means that the password passed to the
    security manager may contain null characters, resulting in
    messages DFHMQ0749E and ICH408I reporting an authentication
    failure.
    
    Keywords: msgDFHMQ0749E MQ0794E
    

Problem conclusion

  • DFHMQTRU was changed to only pass the valid portion of the
    password for authentication, stripping any nulls and padding the
    remainder of the 8 character field with blanks.
    

Temporary fix

  • FIX AVAILABLE BY PTF ONLY
    

Comments

APAR Information

  • APAR number

    PK65740

  • Reported component name

    CICSTS V3 Z/OS

  • Reported component ID

    5655M1500

  • Reported release

    500

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2008-05-08

  • Closed date

    2008-06-03

  • Last modified date

    2008-07-01

  • APAR is sysrouted FROM one or more of the following:

    PK25138

  • APAR is sysrouted TO one or more of the following:

    UK36900

Modules/Macros

  •    DFHMQTRU
    

Fix information

  • Fixed component name

    CICSTS V3 Z/OS

  • Fixed component ID

    5655M1500

Applicable component levels

  • R500 PSY UK36900

       UP08/06/05 P F806

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
01 July 2008