APAR status
Closed as program error.
Error description
Startup of the Application Server logs the unencrypted password
for the LDAPUserRegistry. The following lines show where the
value for serverPassword is not encrypted. The log shows:
serverPassword: pword1
The password should be encrypted.
Entries from the Application Server startup that show the
problem:
DocAccessor < lookup
com.ibm.websphere.models.config.security.impl.
LDAPUserRegistryImpl@18205
(serverId: uid=userid1,cn=users,l=location,
st=massachusetts,c=us,ou=lotus,o=software group,dc=ibm,dc=com,
serverPassword: pword1,
realm: ids52ldap.notesdev.ibm.com:389,
limit: <unset>, ignoreCase: true) (type: IBM_DIRECTORY_SERVER,
sslEnabled: false, sslConfig: p650-3lpar4/DefaultSSLSettings,
baseDN: l=location,st=massachusetts,c=us,ou=lotus,
o=software group,dc=ibm,dc=com,
bindDN: uid=userid2,cn=users,l=location,st=massachusetts,
c=us,ou=lotus,o=software group,dc=ibm,dc=com,
bindPassword: pword2, searchTimeout: 120,
monitorInterval: <unset>, reuseConnection: false)
MOFUtil > getAttribute
com.ibm.websphere.models.config.security.impl.
LDAPUserRegistryImpl@182057d3 (serverId: uid=userid1,
cn=users,l=location,st=massachusetts,c=us,ou=lotus,o=software
group,dc=ibm,dc=com, serverPassword: pword1,
realm: ids52ldap.notesdev.ibm.com:389, limit: <unset>,
ignoreCase: true)
(type: IBM_DIRECTORY_SERVER, sslEnabled: false,
sslConfig: p650-3lpar4/DefaultSSLSettings,
baseDN: l=location,st=massachusetts,c=us,ou=lotus,
o=software group,dc=ibm,dc=com,
bindDN: uid=userid2,cn=users,l=location,st=massachusetts,
c=us,ou=lotus,o=software group,dc=ibm,dc=com,
bindPassword: pword2, searchTimeout: 120,
monitorInterval: <unset>, reuseConnection: false) serverId
Local fix
Search Keywords: clear unencrypted encryption security LDAP
pass word passwords UserRegistry appserver dmgr nodeagent
portal portlet portalserver
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application server users that *
* are using the LDAP User Registry function. *
****************************************************************
* PROBLEM DESCRIPTION: LDAP User Registry passwords were *
* displayed in log files. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
The logging function used model-to-string conversion methods,
which displayed password values in plain text. The conversion
methods must not display the password values.
Problem conclusion
The conversion methods were updated to display a fixed list of
asterisks instead of the password value.
The modelling policies were updated to require that model
developers update their conversion methods to prevent passwords
from being displayed.
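One way to check existing trace logs for the exposure described above and mask it the way the fix does. This is an added example, not IBM's code: the function names, the eight-character mask and the sample trace (constructed from the excerpt above) are assumptions.

```python
import re

# Mask length is an assumption; the APAR only says "a fixed list of asterisks".
MASK = "********"

# "<name>Password: <value>" as rendered in the trace. The value runs to the next
# comma, parenthesis or whitespace; \s* tolerates a line wrap after the colon.
PASSWORD_FIELD = re.compile(r"\b(\w*[Pp]assword):\s*([^\s,()]+)")


def is_exposed(value):
    """A value is exposed unless it is already masked or marked <unset>."""
    return value != "<unset>" and set(value) != {"*"}


def find_exposed(text):
    """Return (line_number, field_name) for each clear-text password field."""
    hits = []
    for m in PASSWORD_FIELD.finditer(text):
        if is_exposed(m.group(2)):
            line_no = text.count("\n", 0, m.start()) + 1
            hits.append((line_no, m.group(1)))
    return hits


def redact(text):
    """Replace every exposed password value with the fixed mask."""
    def _mask(m):
        if not is_exposed(m.group(2)):
            return m.group(0)
        # Keep the name and the original separator (space or line wrap).
        return m.group(0)[: m.start(2) - m.start(0)] + MASK
    return PASSWORD_FIELD.sub(_mask, text)


# Constructed sample modelled on the trace excerpt above, not a real log.
SAMPLE = """\
DocAccessor < lookup LDAPUserRegistryImpl@18205
(serverId: uid=userid1,cn=users,dc=ibm,dc=com, serverPassword: pword1,
realm: ldap.example.com:389, limit: <unset>,
bindDN: uid=userid2,cn=users,dc=ibm,dc=com, bindPassword:
pword2, searchTimeout: 120)
MOFUtil > getAttribute (serverPassword: ********, bindPassword: <unset>)
"""

if __name__ == "__main__":
    for line_no, field in find_exposed(SAMPLE):
        print(f"line {line_no}: {field} logged in clear text")
```

A password containing a comma, parenthesis or space is matched only up to that character, so the field is still reported but the redaction would be partial.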
Temporary fix
Trial fix created 28-Apr-05 and being tested.
Comments
APAR information
APAR number: PK04255
Reported component name: WAS ENTERPRISE
Reported component ID: 5630A3700
Reported release: 00W
Status: CLOSED PER
PE: NoPE
HIPER: NoHIPER
Special Attention: NoSpecatt
Submitted date: 2005-04-14
Closed date: 2005-06-07
Last modified date: 2005-06-07
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Fix information
Fixed component name: WAS ENTERPRISE
Fixed component ID: 5630A3700
Applicable component levels:
R003 PSY UP
R00A PSY UP
R00H PSY UP
R00I PSY UP
R00S PSY UP
R00W PSY UP