A fix is available
APAR status
Closed as program error.
Error description
In z/OS Explorer, which is used by Developer for z Systems (RDz/IDz), RSE does not properly recognize and handle the colon ":" as MFA separator character which leads to MFA error message AZFRADP1. The problem is that the client uses the same colon ":" token to separate the data it sends to the RSE daemon; userid:password:new_password. Because there is no way, currently, to distinguish the separator, the MFA separator token ends up being parsed by the daemon, and the token ends up being interpreted as new_password. In this instance, the MFA configuration uses Generic Radius in-band compound authentication, which consists of the following combination being entered in a logon password field: <RACF credential><MFA separator><OTP> - RACF credential is either a password or passphrase which is validated by RACF - MFA separator is a character used to separate the two authentication pieces - OTP is a one-time generated passcode
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: 01.All zOS Explorer users * * 02.All zOS Explorer users who has SSL * * enabled * * 03.All zOS Explorer users * * 04.All zOS Explorer users * * 05.All zOS Explorer and IDz users * * 06.system programmers * **************************************************************** * PROBLEM DESCRIPTION: 01.rse.env is missing an undocumented * * environment variable * * 02.Enhancement to support 4 char-id * * ciphers when connecting using SSL * * 03.RSE Server TLS session is not using * * the expected cipher suite for the * * client connection. * * 04.Daemon version shown in the log is * * often mixed up with the IDz version * * number. Removed Daemon version:14.0 * * from the Logs to eliminate * * confusion * * 05.In z/OS Explorer, RSE does not * * properly recognize and handle the * * colon ":" in passwords, including * * when specified as an MFA separator * * character, which leads to MFA error * * message AZFRADP1 * * 06.server and user logs not collected * * by FEKLOGS * **************************************************************** 01.rse.env is missing an undocumented environment variable 02.Enhancement to support 4 char-id ciphers when connecting using SSL 03.The Remote System Explorer (RSE) Daemon is using 2 character cipher suites that are proposed in the rse.env > GSK_V3_CIPHER_SPECS. However, the RSE Server is using a 4character cipher that cannot be specified in the GSK_V3_CIPHER_SPECS. 04.Daemon version shown in the log is often mixed up with the IDz version number. Remove Daemon version:14.0 from the Logs to eliminate confusion 05.In z/OS Explorer, RSE does not properly recognize and handle the colon ":" in passwords, including when specified as an MFA separator character, which leads to MFA error message AZFRADP1 06.When RDz/IDz is installed on top of z/OS Explorer, then there is a chance that the server and user logs are not collected by FEKLOGS
Problem conclusion
01.Sample has been updated 02.Host modules have been updated. Note: 4 character ciphers are only supported with JAVA 8 03.Host modules have been updated 04.Host modules have been updated 05.The zOS Explorer server modules are updated 06.corrected variable reuse
Temporary fix
Comments
APAR Information
APAR number
PH03147
Reported component name
EXP FOR Z/OS HO
Reported component ID
5655EXP23
Reported release
301
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-09-21
Closed date
2018-10-18
Last modified date
2018-11-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI59229
Modules/Macros
FEJENF70 FEJJCNFG FEJJJCL FEJJMON FEJTSO FEK1SMPE FEK2RCVE FEK3ALOC FEK4ZFS FEK5MKD FEK6DDEF FEK7APLY FEK8ACPT FEK@CERR FEK@CONE FEK@CONF FEK@CUST FEK@DEB FEK@DESC FEK@FLOW FEK@GEN FEK@GENW FEK@ISPF FEK@IVP FEK@IVPD FEK@IVPW FEK@JCN1 FEK@JCNE FEK@JESJ FEK@MAIN FEK@MIGO FEK@OPTE FEK@OPTG FEK@OPTN FEK@PRIM FEK@RSE1 FEK@RSEO FEK@STRT FEK@TAB1 FEK@TAB2 FEK@TAB3 FEK@WRK1 FEK@WRK2 FEK@WRK3 FEK@WRK4 FEK@WRK5 FEKAPPCC FEKAPPCL FEKAPPCX FEKDSI FEKEESX0 FEKFASIZ FEKFBLD FEKFCIPH FEKFCLIE FEKFCMOD FEKFCMPR FEKFCMSG FEKFCOMM FEKFCOPY FEKFCOR6 FEKFCORE FEKFDBGM FEKFDIR FEKFDIR6 FEKFDIVP FEKFDST0 FEKFDST1 FEKFDST2 FEKFENVF FEKFENVI FEKFENVP FEKFENVR FEKFENVS FEKFEPL FEKFICUL FEKFISPF FEKFIVP0 FEKFIVPA FEKFIVPD FEKFIVPI FEKFIVPJ FEKFIVPT FEKFJESM FEKFJESU FEKFJVM FEKFLDSI FEKFLDSL FEKFLEOP FEKFLOGS FEKFLPTH FEKFMAI6 FEKFMAIN FEKFMINE FEKFMINS FEKFNTCE FEKFOMVS FEKFPATT FEKFPRDS FEKFPTC FEKFRIVP FEKFRMSG FEKFRSES FEKFRSRV FEKFSCMD FEKFSEND FEKFSSL FEKFSTUP FEKFT000 FEKFT001 FEKFT002 FEKFT003 FEKFT004 FEKFT005 FEKFT006 FEKFT007 FEKFT008 FEKFT009 FEKFT010 FEKFT011 FEKFT012 FEKFT013 FEKFT014 FEKFT015 FEKFT016 FEKFT017 FEKFT018 FEKFT019 FEKFT020 FEKFT021 FEKFTIVP FEKFTRKS FEKFTSO FEKFUNIV FEKFUTIL FEKFVERS FEKFXITA FEKFXITL FEKFZME FEKFZMF FEKFZOS FEKHCONF FEKHCUST FEKHDEB FEKHDESC FEKHFLOW FEKHGEN FEKHISPF FEKHIVP FEKHIVPD FEKHJESJ FEKHMAIN FEKHMIGO FEKHOPTE FEKHOPTN FEKHPRIM FEKHRSE1 FEKHRSEO FEKHSTRT FEKHTAB1 FEKHTAB2 FEKINIT FEKKEYS FEKLOGR FEKLOGS FEKM00 FEKM01 FEKM02 FEKMKDIR FEKMOUNT FEKMSGC FEKMSGS FEKRACF FEKRSED FEKSAPF FEKSAPPL FEKSBPX FEKSCLAS FEKSCLOG FEKSCMD FEKSCPYM FEKSCPYU FEKSDSN FEKSENV FEKSETUP FEKSISPF FEKSJCFG FEKSJCMD FEKSJMON FEKSLPA FEKSPROG FEKSPTKT FEKSRSED FEKSSERV FEKSSTC FEKSSU FEKSUSER FEKXCFGE FEKXCFGI FEKXCFGM FEKXCFGT FEKXMAIN FEKXML
Fix information
Fixed component name
EXP FOR Z/OS HO
Fixed component ID
5655EXP23
Applicable component levels
R300 PSY UI59229
UP18/10/31 P F810
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSBDYH","label":"IBM Explorer for z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"301","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"301","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
01 November 2018