A fix is available
APAR status
Closed as program error.
Error description
Customer has a specific userid that is not associated with a password. The userid is defined to the security manager to allow access without a password. DFHSN1105 is issued when the userid is already known to the US domain. DFHSNUS calls DFHSNTU for SIGNON_TERMINAL_USER. The security manager is called and the userid is signed on appropriately with good return codes. DFHUSAD is called for ADD_USER_WITH_PASSWORD. Within ADD_USER_PROCESSING, a check is made to determine if the userid is already known to the US domain by checking for an entry within the Directory Domain. When an entry is found to already exist, AUTHENTICATE_PASSWORD_IF_SUPPLIED is called. Within this routine, if the password existance bit is not on (usad_password_x) or bit usud_verify_no_password is not turned on from a previous add_user_with_password then usad_response = usad_exception and usad_reason = usad_password_required is set and DFHSN1105 is issued. . ADDITIONAL KEYWORD(s): KIXREVSCB
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All CICS users. * **************************************************************** * PROBLEM DESCRIPTION: Unexpected message DFHSN1105 indicating * * password required for non-terminal * * signon. * **************************************************************** * RECOMMENDATION: * **************************************************************** RACF exit ICHRIX01 is being used to allow a signon with a specific USERID where password checking is disabled. There has been a previous non-terminal DFHUSAD ADD_USER_WITHOUT_PASSWORD call for this USERID which created an entry in the CICS USD1 directory. Later on there is a DFHUSAD ADD_USER_WITH_PASSWORD for a non-terminal signon with the same USERID where no password is present. This gets rejected by DFHUSAD with an EXCEPTION of USAD_PASSWORD_REQUIRED. CICS raises this exception without first calling the external security manager. ADDITIONAL KEYWORDS :- MSGDFHSN1105
Problem conclusion
DFHUSAD has been changed so that an ADD_USER_WITH_PASSWORD is not automatically rejected with a USAD_PASSWORD_REQUIRED exception when no password is present. Instead, DFHUSAD will call external security domain to invoke the external security manager for this signon.
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PM16987
Reported component name
CICSTS V3 Z/OS
Reported component ID
5655M1500
Reported release
500
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-06-22
Closed date
2010-09-09
Last modified date
2010-10-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
PM21947 UK60370
Modules/Macros
DESUSAD DFHUSAD
Fix information
Fixed component name
CICSTS V3 Z/OS
Fixed component ID
5655M1500
Applicable component levels
R500 PSY UK60370
UP10/09/15 P F009
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
01 October 2010