PK06997: THE AUTHENTICATION CACHE FAILS TO FIND USERS THAT HAVE ALREADY AUTHENTICATED WITH THE Z/OS LOCAL-OS REGISTRY.

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
The authentication cache fails to find users that have already
authenticated with the z/OS local-OS registry.  When the cache
is queried, the query is done with the SAF ID folded to upper
case but the insert is done without the folding.  This causes
unnecessary cache misses in some scenarios.
This apar can be a match if you specify the value for the
following variable in lower case (see JESMSGLG part of the job
output):
protocol_iiop_daemon_listenIPAddress
This variable can be modified in admin console under
Administration > z/OS Location Service. Specify the new IP
address.
You should verify if you satisfy the following 3 conditions
which make this problem visible:
.
1. The value of the protocol_iiop_daemon_listenIPAddress is
   lower case in the was.env file on the endpoint. This includes
   the daemon was.env and possibly  the application server
   was.env file.  Or check the job output.
2. Global security is enabled in WebSphere for z/OS
3. Local OS is the user registry being used.

This problem may cause higher CPU usage due to the fact cache is
not utilized.
Local fix
Modify the 'Host Name' field to specify UPPER case IP Name in
the admin console under:
System Administration > z/OS Location Service
Save the configuration and recycle WebSphere (including Daemon).

Once servers are restarted, you should see the following
variable in the JESMSGLG part of the job output.  Make sure the
value is in upper case.
protocol_iiop_daemon_listenIPAddress=SOME.IP.ADDRESS.COM
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: When the z/OS local-OS/SAF user         *
*                      registry is the active user registry,   *
*                      a very high cache miss rate may         *
*                      cause poor performance.                 *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When the local-OS user registry is the active user registry,
the queries done against the authentication cache are done with
Prinicpal names folded to upper case but the cache insert
code did not do case folding. This caused a very high cache miss
rate.
Problem conclusion
The authentication cache code was updated to not
change case when doing an insert into the cache or when
querying the authentication cache.

APAR PK06997 is associated with SERVICE LEVEL W502033 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PK06997
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER YesHIPER
Special Attention NoSpecatt
Submitted date 2005-06-08
Closed date 2005-08-24
Last modified date 2005-10-13

APAR is sysrouted FROM one or more of the following:
PK06996

APAR is sysrouted TO one or more of the following:

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UK06587    UP05/08/27 P F508

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PK06997.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PK06997
IBM Group: Software Group
Modified date: Oct 13, 2005