PQ76602: CHANGING WSGUEST TO A DIFFERENT ID IN THE CUSTOMIZATION PANELS DOES NOT GET PROGAGATED TO COM.IBM.SECURITY.SAF.UNAUTHENTICATED | |||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description 1.) Customer changed the default "WSGUEST" id during the customization dialogs, and did not have WSGUEST defined in RACF on the system. The following errors occured upon starting the deployment manager: BBOS0003E initACEE (IRRSIA00) failed for MVS Userid:WSGUEST, with APPLID: CBS390, with SAF Return Code=8, RACF Return Code=16 BBOO0220E SECJ0055E: Authentication failed for WSGUEST. The user id or password may have been entered incorrectly or misspelled. The user id may not exist, the account could have expired or disabled. The password may have expired. The new user id specified in the customization panels did not get propagated to security.xml variable com.ibm.security.saf.unauthenticated. 2. In addition to the above error, when looking at the job output com_ibm_security_SAF_unauthenticated always indicates "NOT SET": BBOM0001I com_ibm_security_SAF_unauthenticated: NOT SET DEFAULT=WSGUEST com_ibm_security_SAF_unauthenticated indicates "NOT SET" although it is set correctly in hfs file security.xml.Local fix Change the setting in the admin webpage: Security -> User Registries -> Local OS -> Custom Properties -> com.ibm.security.SAF.unauthenticated . or correct the com.ibm.security.SAF.unauthenticated variable in /WebSphere/V5R0M0/DeploymentManager/config/cells/plex/ security.xml with an ascii editor and run the transformer "wsc2n.sh -X" to pick up the change.Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: Since * * com.ibm.security.SAF.unauthenticated * * remains the default WSGUEST, customers * * using the value they specified for * * unauthenticated users may be unable to * * do "normal" things. For example, the * * customer was unable to stop an * * application server. * * * * The job log contained the following, * * which indicates that access was * * attempted for user WSGUEST instead of * * the intended ID. * * * * ICH408I USER(WSGUEST) GROUP(WSCLGPT) * * NAME(WAS DEFAULT USER) administrator * * CL(EJBROLE) * * INSUFFICIENT ACCESS AUTHORITY * * ACCESS INTENT(READ)ACCESS ALLOWED(NONE) * * BBOO0222I SECJ0305I: Role based * * authorization check failed for security * * name AHCPLEX/WSGUEST, accessId * * user:AHCPLEX/WSGUEST while invoking * * method stop on resource Server and * * module Server. * **************************************************************** * RECOMMENDATION: * **************************************************************** If the customer changes the default unauthenticated userid on the ISPF dialog panels, it is not correctly reflected in the security.xml file (base or ND): Property_40" name="com.ibm.security.SAF.unauthenticated" value="&WEBUUSR." In the panels, WEBUUSR is not changed if the customer changes the value of the unauthenticated user (panel BBOWPS23).Problem conclusion The dialog panel BBOWPS23 will be updated to set &WEBUUSR to the value of the unauthenticated user. As a result, the value for com.ibm.security.SAF.unauthenticated will be set correctly and the problem described above will be fixed. APAR PQ76602 is associated with SERVICE LEVEL W500104 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PQ76602.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ76602
IBM Group: Software Group
Modified date: Feb 28, 2006
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.