ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: AiX client password problem

2001-11-28 09:03:01
Subject: Re: AiX client password problem
From: Sias Dealy <hnre AT YAHOO DOT COM>
Date: Wed, 28 Nov 2001 05:44:56 -0800 
Hello,

Some time ago I reported a problem with the AIX 4.3.3
client. The passwordaccess generate option doesn't
work under certain circumstances.
 There is now a apar which diescribes the problem:

 APAR Identifier ...... IC31516

PASSWORDACCESS GENERATE DOES NOT WORK IF ENCRYPTION OF
THE PASSWORD CAUSES A ZERO BYTE TO BE PART OF THE
PASSWORD.


 ERROR DESCRIPTION:
 Whe using passwordaccess generate, a password record
is formed
 for writing to the tsm.pwd file.  The password record
consists
 of the userid, servername, nodename, and the
encrypted password.
 All parts of the password record are written as a
sring and the
 encrypted password will fail to be written correctly
if the
 string contains a 0-byte within it.
 for example if the encrypted password string is:
 "D8 D6 BD 00 94 26 CB 11 7F" when it is written to
the
 password record, it is truncated at the 0-byte to "D8
D6 BD"
 and is thus incorrect within the tsm.pwd.
 This problem will only occur with passwordaccess
generate
 and the password encryption scheme results in a 0
symbol
 within it.  Since the password is incorrect in the
tsm.pwd file,
 the user will be prompted for the password even if it
was
 already set using passwordaccess generate.


 LOCAL FIX:
 Use a different nodename and/or password so the
encryption
 scheme will generate a different encryption string
that does
 not contain an 0 within it.


 PROBLEM SUMMARY:

****************************************************************
 *USERS AFFECTED: Novell Netware client, UNIX client
         *

****************************************************************
 *PROBLEM DESCRIPTION: PASSWORDACCESS generate:
incorrect       *
 *                     writing to the password file
         *

****************************************************************

 PROBLEM CONCLUSION:
 The problem was related with an incorrect way of the
password
 record writing. It should be written as the binary
data rathe
 than the string.

 TEMPORARY FIX:
 Try to use another password or another node




Sias Dealy




--- "Prather, Wanda" <Wanda.Prather AT JHUAPL DOT EDU> wrote:
> Ive' had this happen before, still not sure what
> Ive' had this happen before, still not sure what
> does it - as your AIX guys
> if they installed any maintenance, or did something
> that would change
> permissions - I'll bet they did.
>
> If you have passwordaccess GENERATE, the TSM
> password is encrypted into a
> file in /etc/security somewhere.  Sometimes
> something wipes it out (or maybe
> changes the permissions on the file), and we get the
> results you describe.
>
> Still haven't tracked down why, let me know if you
> find out anything!
>
>
************************************************************************
> Wanda Prather
> The Johns Hopkins Applied Physics Lab
> 443-778-8769
> wanda_prather AT jhuapl DOT edu
>
> "Intelligence has much less practical application
> than you'd think" -
> Scott Adams/Dilbert
>
************************************************************************
>
>
>
>
>
>
> -----Original Message-----
> From: Anderson, Michael - HMIS
> [mailto:Michael_Anderson AT HMIS DOT ORG]
> Sent: Monday, November 26, 2001 9:08 AM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: AiX client password problem
>
>
>         Can anyone share some light on a question I
> have. One of my AIX
> clients backup failed due to a password problem.
>       The client log gave a ans0282e password file
> is not available error.
> The TSM log gives a ANR0424W session refused
>       invalid password submitted. If we reset the
> password and then rerun
> the job it works ok, but the AIX guys are asking
>       me what happened and I don't know what to tell
> them. This is the
> second client that this has happened on, and I have
>       the password expiration set to 9999. My server
> is TSM 4.1.0 and the
> client is 4.1.2.0
>
>
>       Thanks
>       Mike Anderson
>       Michael_Anderson AT hmis DOT org
>
>
> CONFIDENTIALITY NOTICE: This e-mail message,
> including any attachments,
> is for the sole use of the intended recipient(s) and
> may contain
> confidential
> and privileged information. Any unauthorized review,
> use, disclosure or
> distribution is prohibited. If you are not the
> intended recipient, please
> contact the sender by reply e-mail and destroy all
> copies of the original
> message.


__________________________________________________
Do You Yahoo!?
Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
http://geocities.yahoo.com/ps/info1
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Process priority, Ramnarayan, Sean A [EDS]
Next by Date:  Re: Process priority, Loon, E.J. van - SPLXM
Previous by Thread:  Re: AiX client password problem, Prather, Wanda
Next by Thread:  Re: fioScanDirEntry(): Can't map object 'xxxx' into the local ANSI c odepage, skipping ..., Andrew Raibeck
Indexes:  [Date] [Thread] [Top] [All Lists]