PQ50858: EXPLANATION OF BBOU0507E IS NOT SUFFICIENT | |||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||
APAR status Closed as fixed if next. Error description Customer is running in a sysplex environment. The have the WebSphere servers running on only one system and invoke a client from another system. The security configuration for his application server has userid and password enabled and allows unauthenticated clients. When the client program runs, BBOU0507E is issued, but the client runs successfully. The message text and explanation is as follows. BBOU0507E Security manager: pass ticket create failed Explanation: Security Manager - Security Manager hash table creation failure. User response: contact your next level of support or the IBM Support Center . The real reason for the messagge is that the client sends a request to BBONM which is configured at bootstrap installation with userid/passticket. Therefore, the response back to the client is an IOR that contains a security contex with userid/passticket. This causes the client side to attempt to initialize the userid/passticket enablement, but since there is no daemon running on the client system, BBOU0507E is issued. It then continues to look for other security protocols and finds one, that's why the client ran successfully. So the first issue is, the message should probably be a warning, definitely not an error. Also the text should be updated to indicate the problem is the daemon is not running, and that a returned IOR has userid/passticket support.Local fix To stop getting the BBOU0507E message, make sure the daemon is running on all systems where the client is running.Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V4.0 for z/OS and OS/390. * **************************************************************** * PROBLEM DESCRIPTION: Message BBOU0507E is incorrectly routed * * to error log. The message type code of * * E (Error) is incorrect since nature of * * this message is an I (Informational) * * message type. Also, the explanation of * * the message in the WebSphere * * Application Server V4.0 for z/OS and * * OS/390 Messages and Diagnosis * * publication needs to be revised to * * correctly explain the message issuance. * **************************************************************** * RECOMMENDATION: * **************************************************************** Customer was running in a sysplex environment. They have the WebSphere servers running on only one system and invoke a client from another system. The security configuration for their application server has userid and password enabled and allows unauthenticated clients. When the client program runs, BBOU0507E is issued, but the client runs successfully. The message text and explanation is as follows: BBOU0507E Security manager: pass ticket create failed Explanation: Security Manager - Security Manager hash table creation failure. User response: contact your next level of support or the IBM Support Center The real reason for the message is that the client sends a request to BBONM which is configured at bootstrap installation with userid/passticket. Therefore, the response back to the client is an IOR that contains a security context with userid/passticket. This causes the client side to attempt to initialize the userid/passticket enablement, but since there is no daemon running on the client system, BBOU0507E is issued. It then continues to look for other security protocols and finds one, that's why the client ran successfully. So the first issue is, the message should be a informational, definitely not an error. Also the text should be updated to indicate the problem is the daemon is not running, and that a returned IOR has userid/passticket support. The message code type for message BBOU0507E needs to be changed from code type E (Error) to code type I (Informational). This message is incorrectly routed to the server error log. Message processing for BBOU0507I should be modified such that the messages is only routed to the JOBLOG associated with the client process. The WebSphere Application Server V4.0 for z/OS and OS/390 Messages and Diagnosis publications needs updated as a result of this APAR. Using the GA22-7837-01 version of the publication as an example, the following message change needs to be done: ________________________________________________________________ Chapter 12, pg. 273 (changed message) BBOU0507I Security was not able to create a passticket Explanation: This process was attempting to initialize userid/passticket security, and was not able to generate a passticket. The process continues, and attempts to use the next available security method. User Response: The most likely reasons for this are, that the WebSphere Daemon was not active on the system, or the SAF security manager was not configured to support passtickets. It is a requirement for using userid/passticket security that the WebSphere Daemon process be active on the system where passtickets are generated. Further you must activate the resource class PTKTDATA, and define the CBS390 profile in this class. All users or groups that intend to use this resource must be given read access to this profile. ________________________________________________________________Problem conclusion Temporary fix Comments This APAR is being closed FIN with concurrence from the submitting customer. A solution to this problem will be delivered in a WebSphere Application Server for z/OS and OS/390 release within the next 18 months. A fix for the problem reported by this APAR has been provided in PTF UQ58507 of WebSphere Application Server V4.0.1 for z/OS and OS/390.
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ50858
IBM Group: Software Group
Modified date: Jul 24, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.