IBM Support

PH59985: IBM EXPLORER FOR Z/OS 3.3.2 DAEMON AUTHENTICATION SERVICE FAILS TO STOP AUTHENTICATION WITH INCORRECT EXTENDED ATTRIBUTES

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The program fekfomvs requires the following UNIX permissions and
extended attributes: rwxr-xr-x...aps-

The extended 'a' attribute means that the program behaves as if
loaded from an APF-authorized library. Without that extended
attribute fekfomvs cannot authenticate a user attempting to
connect to a remote system. This misconfiguration
should cause the RSED to error out and prevent the
authentication. But currently the Daemon authentication service
fails to handle this and lets the authentication continue
as successful.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: 1. All users                                 *
****************************************************************
* PROBLEM DESCRIPTION: 1. fekfomvs is required to be APF       *
*                      (extended 'a' attribute), the           *
*                      required bit setting is 'aps'.  When   *
*                      its bit setting is not proper, RSE      *
*                      may fail to properly authenticate a     *
*                      user.                                   *
****************************************************************
1. When it is not APF, fekfomvs cannot perform its verifyUser
command to authenticate a user. RSE authentication service
fails to recognize the issue and let the authentication going
through as sucessful.

    



Problem conclusion


    

  • 1. Have authentication catch the issue and fails the
authentication. This could also affect RSEAPI.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH59985
    • 

  • Reported component name
    EXP FOR Z/OS HO
    • 

  • Reported component ID
    5655EXP23
    • 

  • Reported release
    330
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2024-02-23
    • 

  • Closed date
    2024-03-07
    • 

  • Last modified date
    2024-04-01
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Modules/Macros


    

  • FEJENF70 FEJJCNFG FEJJJCL  FEJJMON  FEJTSO   FEK1SMPE FEK2RCVE
FEK3ALOC FEK4ZFS  FEK5MKD  FEK6DDEF FEK7APLY FEK8ACPT FEK@CERR
FEK@CONE FEK@CONF FEK@CUST FEK@DEB  FEK@DESC FEK@FLOW FEK@GEN
FEK@GENW FEK@ISPF FEK@IVP  FEK@IVPD FEK@IVPW FEK@JCN1 FEK@JCNE
FEK@JESJ FEK@MAIN FEK@MIGO FEK@OPTE FEK@OPTG FEK@OPTN FEK@PRIM
FEK@RSE1 FEK@RSEO FEK@STRT FEK@TAB1 FEK@TAB2 FEK@TAB3 FEK@WRK1
FEK@WRK2 FEK@WRK3 FEK@WRK4 FEK@WRK5 FEKAPPCC FEKAPPCL FEKAPPCX
FEKATTR  FEKDSI   FEKEESX0 FEKFASIZ FEKFATT1 FEKFBLD  FEKFCIPH
FEKFCLIE FEKFCMOD FEKFCMPR FEKFCMSG FEKFCOMM FEKFCOPY FEKFCOR6
FEKFCORE FEKFDBG  FEKFDBG6 FEKFDBGM FEKFDIR  FEKFDIR6 FEKFDIVP
FEKFDST0 FEKFDST1 FEKFDST2 FEKFENVF FEKFENVI FEKFENVP FEKFENVR
FEKFENVS FEKFEPL  FEKFERRF FEKFGDGE FEKFICUL FEKFISPF FEKFIVP0
FEKFIVPA FEKFIVPD FEKFIVPI FEKFIVPJ FEKFIVPT FEKFJESM FEKFJESU
FEKFJLIC FEKFJSON FEKFJVM  FEKFLATR FEKFLDSI FEKFLDSL FEKFLEOP
FEKFLOGS FEKFLPTH FEKFMAI6 FEKFMAIN FEKFMINE FEKFMNTL FEKFNTCE
FEKFOMVS FEKFPATT FEKFPKCS FEKFPLUG FEKFPTC  FEKFRIVP FEKFRMSG
FEKFRSES FEKFRSRV FEKFSCMD FEKFSEND FEKFSSL  FEKFSTUP FEKFT000
FEKFT002 FEKFT003 FEKFT004 FEKFT005 FEKFT006 FEKFT007 FEKFTIVP
FEKFTSO  FEKFUTIL FEKFVERS FEKFXITA FEKFXITL FEKFZOS  FEKHCONF
FEKHCUST FEKHDEB  FEKHDESC FEKHFLOW FEKHGEN  FEKHISPF FEKHIVP
FEKHIVPD FEKHJESJ FEKHMAIN FEKHMIGO FEKHOPTE FEKHOPTN FEKHPRIM
FEKHRSE1 FEKHRSEO FEKHSTRT FEKHTAB1 FEKHTAB2 FEKINIT  FEKKEYS
FEKLOCKA FEKLOGR  FEKLOGS  FEKM00   FEKM01   FEKM02   FEKMKDIR
FEKMOUNT FEKMSGC  FEKMSGS  FEKPKCS1 FEKRACF  FEKRSED  FEKSAPF
FEKSAPPL FEKSBPX  FEKSCLAS FEKSCLOG FEKSCMD  FEKSCPYM FEKSCPYU
FEKSDSN  FEKSENV  FEKSETUP FEKSISPF FEKSJCFG FEKSJCMD FEKSJMON
FEKSJWT  FEKSJWTU FEKSLPA  FEKSPROG FEKSPTKT FEKSRSED FEKSSERV
FEKSSTC  FEKSSU   FEKSUSER FEKXCFGE FEKXCFGI FEKXCFGM FEKXCFGT
FEKXMAIN FEKXML   HUHFCOR6 HUHFCORE

    



Fix information


    

  • Fixed component name
    EXP FOR Z/OS HO
    • 

  • Fixed component ID
    5655EXP23
    • 



Applicable component levels


    

  • R330  PSY  UI95993
       UP24/03/16  P  F403  &
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBDYH","label":"IBM Explorer for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"330","Line of Business":{"code":"LOB70","label":"Z TPS"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            11 April 2024
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback