IBM Support

PM83348: ADD SUPPORT FOR A MORE SECURE WAY OF HANDLING USER CREDENTIALS FOR REPOSITORY AUTHENTICATION.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as new function.

Error description

  • Add support for a more secure way of handling user credentials
    for repository authentication. This new approach is based on
    Equinox Secure Storage mechanism which is recommended by the
    latest Eclipse framework which Centralized Installation
    Manager is build on top of. Two new parameters, secure storage
    file and master password file, are added for job submission of
    Update Installation Manager and Manager offerings.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM Websphere Application      *
    *                  Server Network Deployment edition           *
    ****************************************************************
    * PROBLEM DESCRIPTION: Installation Manager introduced         *
    *                      support for a more secure way of        *
    *                      handling user credentials for           *
    *                      repository authentication.              *
    ****************************************************************
    * RECOMMENDATION:  New parameters are added for the new        *
    *                  authentication method in Update IM job and  *
    *                  Manage Offering job.                        *
    *                  The two parameters are secure storage       *
    *                  file and master password file, which can    *
    *                  be seen as keyring and password.            *
    *                  The usage difference is that the password   *
    *                  is now to be contained in a text file, and  *
    *                  is now also required when using the secure  *
    *                  storage file.                               *
    *                  It is optional to use secure storage file   *
    *                  and master password file as legacy keyring  *
    *                  is still supported.                         *
    *                  If both credentials are provided then       *
    *                  only the secure storage file pair will be   *
    *                  used.                                       *
    *                  There is no migration path between legacy   *
    *                  keyring and new secure storage files.       *
    *                  This is due to completely different         *
    *                  structure of the files and the fact that    *
    *                  master password is now required.            *
    *                  Therefore, secure storage files will need   *
    *                  to be generated from scratch, with a        *
    *                  process similar to creating a keyring.      *
    *                  Example. Here is how new parameters can     *
    *                  be used in imutilsc command.                *
    *                  imutilsc saveCredential                     *
    *                  -secureStorageFile /home/user/cred_store    *
    *                  -masterPasswordFile                         *
    *                  /home/user/master_password_file -url        *
    *                   ¢â‚¬ “url_to_secured repository ¢â‚¬  ½ -use
    *                  userA -userPassword                         *
    *                   ¢â‚¬ “ThePasswordToAccessURL ¢â‚¬  ½
    *                  Master password file is a simple text       *
    *                  file with passphrase text in it. For        *
    *                  example:  ¢â‚¬ “This is my master password ¢â
    *                  WARNING. Legacy keyring support will be     *
    *                  removed in future versions of the           *
    *                  Installation Manager.  This will render     *
    *                  your keyring files useless.                 *
    *                  It is recommended that you start            *
    *                  generating your secure storage files        *
    *                  sooner rather than later and switch to new  *
    *                  mechanism at your earliest convenience.     *
    ****************************************************************
    Add support for a more secure way of handling user credentials
    for repository authentication. This new approach is based on
    Equinox Secure Storage mechanism which is recommended by the
    latest Eclipse framework which Centralized Installation
    Manager is build on top of. Two new parameters, secure storage
    file and master password file, are added for job submission of
    Update Installation Manager and Manager offerings.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PM83348

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-02-21

  • Closed date

    2013-06-11

  • Last modified date

    2013-06-11

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R800 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
01 November 2021