PQ56074: AUTHORIZATION FAILED FOR / OCCURS WHEN USING COM.IBM.CORBA.LOCALHOST PARAMETER IN ADMIN.CONFIG

A fix is available
WebSphere Application Server Version 3.5 Fix Pack 7 (3.5.7)

APAR

APAR status
Closed as program error.

Error description
Environment:
WebSphere Application Server (WAS) 3.5.4
.
Description:Environment:WebSphere Application Server (WAS) 3.5.4.
With WAS security enabled, when using the com.ibm.CORBA.LocalHost parameter to embed the hostname into IORs instead of the default IP address of the WAS box, trying to start the admin console results in no login prompt and an "Authorization failed for /" message in the tracefile. Any othe admin client like XMLConfig also results in the same behavior. . This same issue exists on version 4.0.1 and 4.0.2. The message is slightly different, however; "Authorization failed for /UNAUTHENTICATED". . This is resolved in 4.0.3 and the latest security cumulative eFix applicable to 4.0.2.
Description:With WAS security enabled, when using thecom.ibm.CORBA.LocalHost parameter to embed the hostname intoIORs instead of the default IP address of the WAS box, tryingto start the admin console results in no login prompt and an"Authorization failed for /" message in the tracefile. Any otheadmin client like XMLConfig also results in the same behavior..This same issue exists on version 4.0.1 and 4.0.2. The messageis slightly different, however; "Authorization failed for/UNAUTHENTICATED"..This is resolved in 4.0.3 and the latest security cumulativeeFix applicable to 4.0.2.
Local fix
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server users who       *
*                 set-up com.ibm.CORBA.LocalHost               *
*                 parameter in admin.config.                   *
****************************************************************
* PROBLEM DESCRIPTION: With WAS security enabled, when using   *
*                      the com.ibm.CORBA.LocalHost = xxxx,     *
*                      adminserver and/or adminconsole can     *
*                      not be started properly, and you also   *
*                      see authorization failed for /.         *
****************************************************************
* RECOMMENDATION: Apply efix, or not edit                      *
*                 com.ibm.CORBA.LocalHost(using default        *
*                 option).                                     *
****************************************************************
With WAS security enabled, when using
the com.ibm.CORBA.LocalHost parameter, adminserver and/or
adminconsole can not be started properly, and you also see
Authorization failed for / exceptions.
Problem conclusion
With WAS security enabled, when using
the com.ibm.CORBA.LocalHost= hostname, the hostname was used
in security tag componnent, but IP address was returned by
IOR, and the inconsistancy cause TaggedSecurityComponnent not
found, thus communication is unsecured.
Temporary fix
PQ56074-354.jar
Comments
APAR information
APAR numberPQ56074
Reported component nameWAS ADVANCED AI
Reported component ID5648C8400
Reported release350
StatusCLOSED PER
PENoPE
HIPERNoHIPER
Submitted date2001-12-18
Closed date2002-01-22
Last modified date2003-01-20

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:


Modules/Macros

Fix information
Fixed component nameWAS ADVANCED AI
Fixed component ID5648C8400
APAR is sysrouted TO one or more of the following:Modules/Macros

Applicable component levels
R350 PSYUP











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, General
Software version: 350
Reference #: PQ56074
IBM Group: Software Group
Modified date: 2003-01-20