Use of the tool CREATEUSERS will copy the model password which must be entered on subsequent logons. If an incorrect password is entered and passed to an external security manager, various error mesages and logon failure will result.
Article ID: KB0088139
Updated On:
| Products | Versions |
|---|---|
| TIBCO Object Service Broker for z/OS | - |
| Not Applicable | - |
Description
Resolution:
Description
The Shared Tool CREATEUSERS can be used to clone Object Service Broker user identifiers using a previously defined model user identifier. When doing this, the model password is also copied into each new user definition if a password exists. When the new user logs on to Object Service Broker using the cloned password, she may change the password by entering the "Update Profile" option on the Standard Workbench. The system or security administrator may also change the user's password using the Security Management main menu or by executing the rule "Security".
If you are using an external security manager, that is your Execution Environment security setting is one of:
SECURITY={ACF | EXTERNAL | MIXED | RACF | TSS}
then entering a incorrect password may result in a security error messages such as:
ICH408I USER(uuuuuuu) GROUP(gggggg) NAME(xxx xxxxxx) LOGON/JOB INITIATION - USER AT TERMINAL tttttt NOT RACF-DEFINED
ACF01004 LOGONID uuuuuuu NOT FOUND
and
S6BSM019E LOGON terminated at Security Logon
Entering an invalid password at logon while using SECURITY=MIXED will cause the authentication to be passed to the external security manager (ACF, RACF or TSS) at which time the external security manager may report that the userid is not defined if the user is only known to Object Service Broker security.
In this case, you must enter the cloned password correctly and then update the password to a new one. If you do not know the password, have your security administrator change your password so that you can logon and then update your password.
Environment
All z/OS environments using external security managers such as: RACF, ACF2 or TSS.
TIBCO Product name and version
* TIBCO Object Service Broker 5.0
Symptoms
The following messages may be produced when external security is invoked and an incorrect password is entered at logon time:
ICH408I USER(uuuuuuu) GROUP(gggggg) NAME(xxx xxxxxx) LOGON/JOB INITIATION - USER AT TERMINAL tttttt NOT RACF-DEFINED
ACF01004 LOGONID uuuuuuu NOT FOUND
S6BSM019E LOGON terminated at Security Logon
Cause
Entering an incorrect password, whether the user identifier has been cloned or not, will result in security failure messages being written to your terminal or the z/OS system log or audit logs. The logon will be failed as a result.
Resolution
Use the correct password when logging on to the Object Service Broker System. You can use the "Update User Profile" to change your password or ask your security administrator to do so on your behalf.
References
More information about cloning user identifiers and managing security can be found in:
TIBCO® Object Service Broker Managing Security 5.0
TIBCO® Object Service Broker Shareable Tools 5.0 -see CREATEUSERS tool
Description
The Shared Tool CREATEUSERS can be used to clone Object Service Broker user identifiers using a previously defined model user identifier. When doing this, the model password is also copied into each new user definition if a password exists. When the new user logs on to Object Service Broker using the cloned password, she may change the password by entering the "Update Profile" option on the Standard Workbench. The system or security administrator may also change the user's password using the Security Management main menu or by executing the rule "Security".
If you are using an external security manager, that is your Execution Environment security setting is one of:
SECURITY={ACF | EXTERNAL | MIXED | RACF | TSS}
then entering a incorrect password may result in a security error messages such as:
ICH408I USER(uuuuuuu) GROUP(gggggg) NAME(xxx xxxxxx) LOGON/JOB INITIATION - USER AT TERMINAL tttttt NOT RACF-DEFINED
ACF01004 LOGONID uuuuuuu NOT FOUND
and
S6BSM019E LOGON terminated at Security Logon
Entering an invalid password at logon while using SECURITY=MIXED will cause the authentication to be passed to the external security manager (ACF, RACF or TSS) at which time the external security manager may report that the userid is not defined if the user is only known to Object Service Broker security.
In this case, you must enter the cloned password correctly and then update the password to a new one. If you do not know the password, have your security administrator change your password so that you can logon and then update your password.
Environment
All z/OS environments using external security managers such as: RACF, ACF2 or TSS.
TIBCO Product name and version
* TIBCO Object Service Broker 5.0
Symptoms
The following messages may be produced when external security is invoked and an incorrect password is entered at logon time:
ICH408I USER(uuuuuuu) GROUP(gggggg) NAME(xxx xxxxxx) LOGON/JOB INITIATION - USER AT TERMINAL tttttt NOT RACF-DEFINED
ACF01004 LOGONID uuuuuuu NOT FOUND
S6BSM019E LOGON terminated at Security Logon
Cause
Entering an incorrect password, whether the user identifier has been cloned or not, will result in security failure messages being written to your terminal or the z/OS system log or audit logs. The logon will be failed as a result.
Resolution
Use the correct password when logging on to the Object Service Broker System. You can use the "Update User Profile" to change your password or ask your security administrator to do so on your behalf.
References
More information about cloning user identifiers and managing security can be found in:
TIBCO® Object Service Broker Managing Security 5.0
TIBCO® Object Service Broker Shareable Tools 5.0 -see CREATEUSERS tool
Issue/Introduction
Use of the tool CREATEUSERS will copy the model password which must be entered on subsequent logons. If an incorrect password is entered and passed to an external security manager, various error mesages and logon failure will result.
Feedback
Yes
No
Powered by
