A fix is available
APAR status
Closed as program error.
Error description
You have an application that uses the WebSphere MQ-CICS bridge. The bridge is started with the following parameters : AUTH=VERIFY_UOW,WAIT=60,Q=<bridge request queue name> . When the application tries to use the bridge with CICS TS V3.2 it fails and you see the following error messages in the CICS log: . +DFHMQ0749E CKBR 0000081 Authentication error, userid <userid> +DFHMQ0760I CKBR 0000081 MsgId=414D5120494849443130314120202020443127282058A005 +DFHMQ0762I CKBR 0000081 Queue name <bridge request queue name> . You also see these messages in the queue manager log: ICH408I USER(<userid>) GROUP(<group> ) NAME(<name> ) LOGON/JOB INITIATION - INVALID PASSWORD IRR013I VERIFICATION FAILED. INVALID PASSWORD GIVEN. . The application supplies a 7-character password in the Authenticator field of the CIH, with the last character of the field containing null (x00). CICS TS V3.2 passes an 8 byte password to RACF, i.e. the ending null is not removed and is taken by RACF as part of the password. .
Local fix
Pass an 8-character password in the MQCIH.
Problem summary
**************************************************************** * USERS AFFECTED: ALL * **************************************************************** * PROBLEM DESCRIPTION: When running with AUTH=VERIFY_UOW, the * * CICS bridge may wrongly reject a valid * * password if it is under 8 characters * * long and contains trailing nulls. * **************************************************************** * RECOMMENDATION: * **************************************************************** The CICS bridge passes the full eight characters of the password field to be authenticated without stripping off trailing nulls and blanks. When CSQHVRFY authenticates the password it only removes trailing blanks. This means that the password passed to the security manager may contain null characters, resulting in messages DFHMQ0749E and ICH408I reporting an authentication failure. Keywords: msgDFHMQ0749E MQ0794E
Problem conclusion
DFHMQTRU was changed to only pass the valid portion of the password for authentication, stripping any nulls and padding the remainder of the 8 character field with blanks.
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PK65740
Reported component name
CICSTS V3 Z/OS
Reported component ID
5655M1500
Reported release
500
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-05-08
Closed date
2008-06-03
Last modified date
2008-07-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK36900
Modules/Macros
DFHMQTRU
Fix information
Fixed component name
CICSTS V3 Z/OS
Fixed component ID
5655M1500
Applicable component levels
R500 PSY UK36900
UP08/06/05 P F806
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
01 July 2008