PQ57643: WEBSPHERE DOES NOT RECOGNIZE EXPIRED PASSWORDS ON SOLARIS

 A fix is available

4.0.5: WebSphere Application Server Version 4.0 Fix Pack 5 (Version 4.0.5)



APAR status
Closed as program error.

Error description
When WebSphere security is being used with the LocalOS (in this
case Solaris) as the user registry, users with an expired
password are still allowed to access secured resources.
.
Also, for expired accounts, WebSphere will only give a login
failure if the account expiration date is less than the current
day, such as, it still grants access to accounts that
expire "today"
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users of    *
*                 Local OS security authentication             *
*                 mechanism with Solaris as the base           *
*                 operating system.                            *
****************************************************************
* PROBLEM DESCRIPTION: WebSphere allows users with expired     *
*                      passwords to authenticate.              *
*                                                              *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
WebSphere allows users with expired passwords to authenticate.
Original code in place for this had two issues.  The first is
passwords that expired as a result of the user not changing
them were disallowed one day after they expired.  The other
issue was that the special values of password expiration set by
invoking "passwd -f" or "passwd -x -1" command lines.
Problem conclusion
Code was added to check for the special cases of the passwd
command.  Existing code was corrected to ensure that passwords
that have not been changed will be rejected on the day they
expire.
Temporary fix
A testfix including code to check for account expiration was
supplied.
Comments
APAR information
APAR number PQ57643
Reported component name WEBSPHERE AE SO
Reported component ID 5630A2202
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-02-07
Closed date 2002-08-20
Last modified date 2003-04-29

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
SECURITY          

SRLS

Fix information
Fixed component name WEBSPHERE AE SO
Fixed component ID 5630A2202

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ57643
IBM Group: Software Group
Modified date: Apr 29, 2003