PQ79760: INVALID LOGON ATTEMPT USING CUSTOM REGISTRY CAUSES SUBSEQUENT LOGON FAILURES UNTIL SECURITY CACHE TIMEOUT REACHED

 A fix is available

Security; V4.0.2-V4.0.7: Cumulative fix for security component



APAR status
Closed as program error.

Error description
The problem occurs when checking the user id/password
combination using the CUR and the CUR throws a
CustomRegistryException (e.g. because the backend server
does not respond). If this happens, the user id/password
combination is cached by the security cache and marked
as invalid. This seem to be incorrect because the user
id/password combination was not checked at all. This leads
to the problem that the user cannot login until the security
cache times out even if he uses the correct
user id/password combination and the backend is up again.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users who   *
*                 have enabled security.                       *
****************************************************************
* PROBLEM DESCRIPTION: Invalid login attempt using custom      *
*                      registry causes subsequent logon        *
*                      failures until security cache           *
*                      reached                                 *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Invalid login attempt using custom registry causes subsequent
logon failures until security cache time-out is reached.
Problem conclusion
Failed login attempts are no longer cached.
Temporary fix Comments
APAR information
APAR number PQ79760
Reported component name WEBSPHERE AE AI
Reported component ID 5630A2200
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-10-17
Closed date 2003-10-30
Last modified date 2003-10-30

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

SRLS

Fix information

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ79760
IBM Group: Software Group
Modified date: Oct 30, 2003