A fix is available
APAR status
Closed as program error.
Error description
New functionality is implemented to improve security between QM components: CAE Server, CAE Agents and CQM ISPF clients. Three enhancements are implemented to archive this goal: 1. All data between CAE Server and CAE Agents may be encrypted using AT-TLS rather than using an application-based encryption. 2. CQM ISPF client connects to local CAE Agent port rather than directly to CAE Server. 3. Added support for users that have enabled Multi Factor Authentication.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of IBM Db2 Query Monitor z/OS. * **************************************************************** * PROBLEM DESCRIPTION: Security improvements for CAE Server * * and Agent. * **************************************************************** * RECOMMENDATION: APPLY the PTF. * **************************************************************** APAR adds new functionality to CAE Server and CAE Agent to support pass-phrase. **************************************************************** * Known issues/limitations * **************************************************************** 1.Although special characters in password/pass-phrase are more secure and harder to guess they might cause issues for JDBC connections which CAE server establishes to Db2 for z/OS (like '|' vertical bar). More information can be found in the following documentation: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/ com.ibm.zos.v2r3.icha700/ascp.htm 2. By default CAE Server uses CCSID 500 for all data encoding between CAE server and z/OS including password/pass-phrase. This means that during initial login password/pass-phrase will be decoded with CCSID 500 and sent to RACF for authentication. This could cause issues if the password/pass-phrase contains special characters which have different representations in different code pages and was created in another CCSID. In this case the following java option can be specified during CAE startup to change the default CCSID (value can be any which is supported by JRE):
Problem conclusion
APAR adds new functionality to CAE Server and CAE Agent to support pass-phrase. It also changes the Data sharing behavior in ISPF such that ISPF cannot connect to CAE Server directly and will work via CAE Agent only. Search Keywords: PASS-PHRASE CAE SERVER AGENT
Temporary fix
Comments
APAR Information
APAR number
PI98407
Reported component name
DB2 QUERY MONIT
Reported component ID
5655E6701
Reported release
330
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-05-24
Closed date
2019-04-04
Last modified date
2019-05-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
PH10478 UI62339
Modules/Macros
CQM#BCMX CQM#IVSM CQM#LCSD CQM#MAIN CQM#MSSP CQM#QAPI CQM#QAPX CQM#SDAQ CQM#SDIR CQM$$PRM CQM$$SEQ CQM$BUFP CQM$CHLP CQM$CNCL CQM$CPRF CQM$DB2C CQM$DDB2 CQM$DSCV CQM$ERRP CQM$FILT CQM$FLT2 CQM$INTD CQM$LINK CQM$LOCK CQM$OBJS CQM$OPTN CQM$PRFS CQM$PROF CQM$RANG CQM$SQCI CQM$SQCL CQM$SQCM CQM$SQCP CQM@LDB2 CQM@LSTM CQMBLOB CQMCAE CQMCAPI CQMCMGRT CQMJAR CQMMGRT CQMPRMCR CQMPROC CQMPTFRM CQMSSV CQMSWD CQMUPXCF
Fix information
Fixed component name
DB2 QUERY MONIT
Fixed component ID
5655E6701
Applicable component levels
R330 PSY UI62339
UP19/04/10 P F904
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSZJXP","label":"DB2 Tools for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.3.0","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Document Information
Modified date:
05 November 2021