Automatic Partition Resource Manager

APRM® Technical Alert # 006

APRM Versions V5R3M1 through V5R4M3 with non-USA language identifier and/or job CCSID.

  Product: APRM - V5R3M1 through V5R4M3
  OS Level: i5/OS - V5R3M0 and later
  Date: October 27, 2007

Problem Summary

APRM's signon to the HMC can fail with a rejected password.

Background

The encrypted password for HMC access by APRM is stored in a disk-based file in a large character field which is supplied at CCSID 37 (United States English).  This field gets its CCSID reassigned by the RSTLICPGM code to either the CCSID of the install job or to the system default.

Issue

When the communication parameters for the HMC are configured after product installation, the supplied password is encrypted into a long binary string and stored in data file APRMHMCUSR with the CCSID assigned by RSTLICPGM.  This data will be translated according to any differences between the user's job CCSID and the character field's CCSID.  When APRM is started, the batch jobs are assigned CCSID 37 because the files had that CCSID for character files when shipped.  The result is that the HMC interface batch job, APRMSSHSPT, gets a translated version of the encrypted binary password field.  If, at any point in this chain, any CCSID other than 37 was used, the translated value usually fails to decrypt properly and, therefore, the HMC rejects the password as invalid.

Solution

The files must have their character fields forced to CCSID 37 where they will actually hold character data and forced to CCSID 65535 (no translation) where they will hold arbitrary binary data that should not be translated between code pages.  After this has been done it will be necessary to re-enter passwords for all HMC communication entries via CFGAPRM option 10.
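
The following is an added illustration, not part of the patch or of APRM: it models a binary value passing through CCSID conversion on write and read, and shows why tagging the field CCSID 65535 protects it.  Python's cp037 and cp500 codecs stand in for the system's conversion tables, CCSID 500 is an assumed example of a non-USA job CCSID, and the sample blob is constructed.

```python
# Added illustration: model CCSID conversion of a binary field on IBM i.
# Python's cp037/cp500 codecs stand in for the system's conversion tables;
# CCSID 500 is an assumed example of a non-USA job CCSID.
NO_TRANSLATION = 65535
CODECS = {37: "cp037", 500: "cp500"}


def translate(data: bytes, from_ccsid: int, to_ccsid: int) -> bytes:
    """Convert between CCSIDs; 65535 on either side means no conversion."""
    if from_ccsid == to_ccsid or NO_TRANSLATION in (from_ccsid, to_ccsid):
        return data
    return data.decode(CODECS[from_ccsid]).encode(CODECS[to_ccsid])


def store_then_read(blob: bytes, writer_job: int, field: int,
                    reader_job: int) -> bytes:
    """Write blob from one job into a CCSID-tagged field, read it from another."""
    stored = translate(blob, writer_job, field)
    return translate(stored, field, reader_job)


def changed_offsets(before: bytes, after: bytes) -> list:
    """Offsets at which the value read back differs from the value written."""
    return [i for i, (x, y) in enumerate(zip(before, after)) if x != y]


# Constructed stand-in for an encrypted password: every byte value once.
SAMPLE_BLOB = bytes(range(256))

if __name__ == "__main__":
    cases = [
        ("job 37, field 37, batch job 37", 37, 37, 37),
        ("job 500, field 500, batch job 37", 500, 500, 37),
        ("job 500, field 65535, batch job 37", 500, NO_TRANSLATION, 37),
    ]
    for label, writer, field, reader in cases:
        result = store_then_read(SAMPLE_BLOB, writer, field, reader)
        diff = changed_offsets(SAMPLE_BLOB, result)
        status = "intact" if not diff else "altered at " + ", ".join(
            f"0x{i:02X}" for i in diff)
        print(f"{label}: {status}")
```

In this model a blob that happens to contain none of the differing byte values passes through unchanged, which is consistent with the alert's wording that decryption "usually" fails.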

A "patch" has been developed and can be downloaded from the www.barsaconsulting.com web site (as described below).  The patch consists of complete DDS source code for the APRM data files and a CLLE program that will perform a CHGPF command for each file, specifying the DDS source to redefine the CCSID for every character field in each file.  This process may not affect the integrity of any of the stored data except for the five (5) occurrences of "binary" fields, but it is still recommended that you review the configuration data you have entered via CFGAPRM for any discrepancies.  If you have entered any HMC communications entries and your APRM data files' character fields were not assigned CCSID 37, you may need to adjust their content.  These fields are TCP/IP addresses for your partitions and for the HMC and user profile names for APRM messages.  APRM itself stores some character-mode data in other fields, but this will correct itself after APRM is restarted.

If your System Values are all set to United States standard settings and all your APRM-authorized users stay with those settings in all your partitions, then you do not need this "patch".  APRM releases after V5R4M3 will include the effect of this patch; APRM releases before V5R3M1 do not interact with the HMC and, therefore, do not need this patch either.

The steps to obtain and apply this "patch", with detailed instructions for each, are:

1. Download the patch.
There are three copies of this patch available on the Barsa web site.  The reason for three copies is that some browsers attempt to display the content of files as text when they have no specific associated application.  You may have to try more than one of these before you find one that allows you the option to "save to disk".  When you do have the option, save the file to your local hard drive.  The links are:

   http://www.barsaconsulting.com/download/CCSIDPATCH
   http://www.barsaconsulting.com/download/CCSIDPATCH.exe
   http://www.barsaconsulting.com/download/CCSIDPATCH.savf

Then, for each partition with APRM installed:
2. Install the patch code into a new library.  (Note: if you choose to use the library name from which the patch code was saved, then this library will be named CCSIDPATCH.  The following commands assume that library name).

A)  Create an empty save file in a convenient library.  For the purposes of this discussion, we assume that you will use library QGPL and a *SAVF name of CCSIDPATCH.  For this, use:

   CRTSAVF  QGPL/CCSIDPATCH

B)  Copy the downloaded file to an IFS directory of your choice.  For the purposes of this discussion, we assume the directory is /tmp and the downloaded file is named CCSIDPATCH.  You can use FTP (in BINARY mode, please) if you are familiar with it or you can map a network drive on your desktop computer to the IFS directory and perform the copy with the normal facilities of your desktop operating system.  For Windows, use the Windows Explorer.  Note: You can, if you wish, simply use FTP to copy the downloaded file directly to the *SAVF instead - in Binary with replace - (and, of course, omit step C).

C)  Copy the content of the downloaded file to the *SAVF:

   CPYFRMSTMF FROMSTMF('/tmp/CCSIDPATCH') TOMBR('/qsys.lib/qgpl.lib/ccsidpatch.file') MBROPT(*REPLACE) CVTDTA(*NONE)

D)  Restore the objects from the *SAVF to a library of your choice.  For the purposes of this discussion, we assume that you will use a library name of ANYOLDLIB - if you prefer to use the name CCSIDPATCH, just omit the RSTLIB parameter:

   RSTLIB SAVLIB(CCSIDPATCH) DEV(*SAVF) SAVF(QGPL/CCSIDPATCH) [ RSTLIB(ANYOLDLIB) ]

This new library will contain four (4) objects, all of them owned by QBARSAOWN.  The objects are:
   FIXPF      *PGM   Change physical files used by APRM using DDS
   QCLSRC     *FILE  Source for the FIXPF CLLE module
   QDDSSRC53  *FILE  Changed DDS for physical files used by APRM V5R3M*
   QDDSSRC54  *FILE  Changed DDS for physical files used by APRM V5R4M*

3. Quiesce APRM in the partition so that all the data files can be modified.
Use command ENDAPRM. Observe any APRM job(s) that may still be running in SBS(QSYSWRK).  This can be done by the use of the command WRKACTJOB SBS(QSYSWRK).  Jobs starting with the letters APRM should have terminated within about 3 seconds.  If any remain, end them with option 4, prompt (with the F4 key) and choose OPTION(*IMMED).

4. Apply the patch.

A)  The following step will print "compile" listings for each of the more-than-20 files being changed.  You may wish to either hold this printing or direct it to a specific output queue.  If so, before you call the program in step B below, execute an override such as:

   OVRPRTF  *PRTF  OUTQ(yourlib/yourqueue)  HOLD(*YES)

B)  Assuming that you used library name CCSIDPATCH, use the following command:

   CALL  CCSIDPATCH/FIXPF

If you used a different library name, substitute it for CCSIDPATCH in the above command.

C)  If you did override all printer files, you may wish to delete this override for future files in the same job:

   DLTOVR  *PRTF

5. Correct any previously-entered HMC passwords.
Use command CFGAPRM. Select option 10 (HMC Connection Entries) and then, for each entry, use option 2=Edit.  Retype the password and press ENTER to perform the update.

6. Start APRM and observe the starting process to assure successful problem correction.
Use command STRAPRM. Observe any APRM job(s) as they start in SBS(QSYSWRK).  This can be done by the use of the command WRKACTJOB SBS(QSYSWRK).  Jobs starting with the letters APRM should start to appear.  The first one will be APRMSTART which initiates the remaining jobs.

© Copyright 2007 Barsa Consulting Group, LLC. All rights reserved.