PK06997: THE AUTHENTICATION CACHE FAILS TO FIND USERS THAT HAVE ALREADY AUTHENTICATED WITH THE Z/OS LOCAL-OS REGISTRY. | |||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description The authentication cache fails to find users that have already authenticated with the z/OS local-OS registry. When the cache is queried, the query is done with the SAF ID folded to upper case but the insert is done without the folding. This causes unnecessary cache misses in some scenarios. This apar can be a match if you specify the value for the following variable in lower case (see JESMSGLG part of the job output): protocol_iiop_daemon_listenIPAddress This variable can be modified in admin console under Administration > z/OS Location Service. Specify the new IP address. You should verify if you satisfy the following 3 conditions which make this problem visible: . 1. The value of the protocol_iiop_daemon_listenIPAddress is lower case in the was.env file on the endpoint. This includes the daemon was.env and possibly the application server was.env file. Or check the job output. 2. Global security is enabled in WebSphere for z/OS 3. Local OS is the user registry being used. This problem may cause higher CPU usage due to the fact cache is not utilized.Local fix Modify the 'Host Name' field to specify UPPER case IP Name in the admin console under: System Administration > z/OS Location Service Save the configuration and recycle WebSphere (including Daemon). Once servers are restarted, you should see the following variable in the JESMSGLG part of the job output. Make sure the value is in upper case. protocol_iiop_daemon_listenIPAddress=SOME.IP.ADDRESS.COMProblem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: When the z/OS local-OS/SAF user * * registry is the active user registry, * * a very high cache miss rate may * * cause poor performance. * **************************************************************** * RECOMMENDATION: * **************************************************************** When the local-OS user registry is the active user registry, the queries done against the authentication cache are done with Prinicpal names folded to upper case but the cache insert code did not do case folding. This caused a very high cache miss rate.Problem conclusion The authentication cache code was updated to not change case when doing an insert into the cache or when querying the authentication cache. APAR PK06997 is associated with SERVICE LEVEL W502033 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: PK06996 APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PK06997.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PK06997
IBM Group: Software Group
Modified date: Oct 13, 2005
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.