Fixes are available
Rational ClearCase Fix Pack 08 (7.1.2.8) for 7.1.2
Rational ClearCase Fix Pack 04 (8.0.0.4) for 8.0
Rational ClearCase Fix Pack 14 (7.1.2.14) for 7.1.2
Rational ClearCase Fix Pack 11 (8.0.0.11) for 8.0
Rational ClearCase Fix Pack 12 (8.0.0.12) for 8.0
Rational ClearCase Fix Pack 15 (7.1.2.15) for 7.1.2
Rational ClearCase Fix Pack 13 (8.0.0.13) for 8.0
Rational ClearCase Fix Pack 16 (7.1.2.16) for 7.1.2
Rational ClearCase Fix Pack 17 (7.1.2.17) for 7.1.2
Rational ClearCase Fix Pack 14 (8.0.0.14) for 8.0
Rational ClearCase Fix Pack 18 (7.1.2.18) for 7.1.2
Rational ClearCase Fix Pack 15 (8.0.0.15) for 8.0
Rational ClearCase Fix Pack 19 (7.1.2.19) for 7.1.2
Rational ClearCase Fix Pack 16 (8.0.0.16) for 8.0
Rational ClearCase Fix Pack 17 (8.0.0.17) for 8.0
Rational ClearCase Fix Pack 18 (8.0.0.18) for 8.0
Rational ClearCase Fix Pack 19 (8.0.0.19) for 8.0
Rational ClearCase Fix Pack 20 (8.0.0.20) for 8.0
Rational ClearCase Fix Pack 21 (8.0.0.21) for 8.0
APAR status
Closed as program error.
Error description
In IBM Rational ClearCase 7.1.x a user may be able to log into a ClearCase Change Management (CM) Server hosted on a Linux server even though that user's local account password has expired. This has only been observed when the password is encrypted using DES in the /etc/shadow file. When another encryption method is used, the user will be presented with an error indicating a problem with the credentials: CRVAP0383E Logon failure: unknown user name or bad password. CRVSV0078E Error from RPC server: CRVSV0841E 'CRVSV0585E Attempted login failed: Unable to login: username or password is incorrectUnable to login: username or password is incorrect'. Steps to reproduce the issue: 1) Encrypt user password using DES encryption (this can be done with OS settings or manually with chpasswd -c DES). 2) Allow the password to expire (or manually expire it with chage -d 0). 3) The user can still log into the CM Server with a ClearCase Remote Client (CCRC) without changing the password. Logging directly into the server will require a password change. Workarounds: It is possible to work around this issue by using another method of password encryption (such as: MD5, SHA512, Blowfish).
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: * **************************************************************** User can log into ClearCase CM Server on Linux with expired DES-encrypted password
Problem conclusion
A fix is available in ClearCase versions 7.1.2.8 and 8.0.0.4
Temporary fix
Comments
APAR Information
APAR number
PM66764
Reported component name
CLEARCASE WIN
Reported component ID
5724G2900
Reported release
711
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-06-13
Closed date
2012-09-26
Last modified date
2012-09-26
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
CLEARCASE WIN
Fixed component ID
5724G2900
Applicable component levels
R711 PSN
UP
Document Information
Modified date:
26 September 2012