OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: AIX Service Mail Server (aixserv_at_austin.ibm.com)
Date: Tue Jul 09 2002 - 02:41:40 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    APAR: IY20781 COMPID: 5639I3500 REL: 310
    ABSTRACT: THE LOCAL CELL ENTRY SHOULD BE THE TOP ONE IN THE 'REALMS'

    PROBLEM DESCRIPTION:
    The local cell entry should be the top one in the 'realms'
    section of the file /etc/krb5.conf. If it is not at the top,
    local cell entry would be created again during the
    /etc/krb5.conf rebuild, and the earlier local cell entry
    would still remain. During this process, any entries
    other than 'kdc' would be deleted.
    Customer is seeing this behaviour whenever pe_site file
    gets changed.
    When pe_site file gets re-built, this /etc/krb5.conf file
    would also be re-built.

    PROBLEM SUMMARY:
    In the realms section, if the local cell entry is not at
    the top then another entry for the local cell will be
    added. The old entry of the local cell would still
    remain. In the process, any information other than
    KDC entries will no longer be applicable as the
    new local entry would contain only kdc info and other
    information will not be present.

    PROBLEM CONCLUSION:
    The parsing logic in rebuild_krb5_cnf() has been modified
    to correct this erroneous behaviour.

    ------

    APAR: IY23015 COMPID: 5765D5100 REL: 311
    ABSTRACT: NODECOND_MCA NEEDS TO HANDLE 10/100 ADAPTERS

    PROBLEM DESCRIPTION:
    nodecond_mca does not currently recognize the
    10/100 Mbs Ethernet TX MC Adapter. It terminates with the msg:
    the first ethernet adapter detected is not a supported
    installation adapter.
    The code needs to be modified to recognize this supported
    adapter.

    LOCAL FIX:
    Manual node conditioning can be used to select this adapter.

    PROBLEM SUMMARY:
    nodecond_mca does not currently recognize the
    10/100 Mbs Ethernet TX MC Adapter. It terminates with the
    message that the first ethernet adapter detected is not a
    supported installation adapter.
    The code needs to be modified to recognize this supported
    adapter.

    PROBLEM CONCLUSION:
    nodecond_mca has been modified to recognize the
    10/100 Mbs Ethernet TX MC Adapter.

    ------

    APAR: IY23359 COMPID: 5639I3700 REL: 310
    ABSTRACT: SECURITY HOLE IN SCRIPTS

    PROBLEM DESCRIPTION:
    A security exposure exists in the DCE SMIT panels and in
    some of the configuration commands. System commands are
    called with fully qualified paths.

    PROBLEM CONCLUSION:
    Fully qualify all commands that are "exec'ed" from TCL
    scripts.

    ------

    APAR: IY24222 COMPID: 5639I3500 REL: 310
    ABSTRACT: GSS_DELETE_SEC_CONTEXT NOT RELEASING LOGIN CONTEXT

    PROBLEM DESCRIPTION:
    When calling gss_accept_sec_context the api
    gss_release_sec_context does not release the login
    context. Other leaks are present.

    PROBLEM SUMMARY:
    DCE Memory leak using delegation and gssapi.

    PROBLEM CONCLUSION:
    Fix the leak in the gssapi code.

    ------

    APAR: IY24537 COMPID: 5765E5100 REL: 601
    ABSTRACT: STOPPING CSAIX CAUSES SYSTEM CRASH IN SNA_MUX

    PROBLEM DESCRIPTION:
    Customer has many system crash at termination of Communication
    Server. The reason of crash is overlaying kernel area,
    AIX C/T suggested to enable MODS(Memory Overlay Detection
    System), and got new dumps.
    DUMP shows sna_mux:vmx_get_status+42c is accessing freed
    area at 0x30c7d038, which had previously freed by vba_os_free.

    PROBLEM SUMMARY:
    System crash stopping CSIAX with MST stack trace showing IAR
    sna_mux : vmx_get_status +42c 077A8B9C lwz r3,0x4(r3).
    sna_mux : vmx_get_status +420 077a8b90
    sna_mux : vnx_ioctl +254 0776bf14
    sna_mux us accessubg freed area which had previously been freed
    by vba_os_free.

    PROBLEM CONCLUSION:
    The memory debug pinpointed the problem exactly. CS/AIX was
    looking at a message type just after releasing the memory.

    ------

    APAR: IY24620 COMPID: 5765E5100 REL: 600
    ABSTRACT: CS/AIX DOES NOT RECOGNIZE VALID GROUP NAME IN TP LOAD DEFINITION

    PROBLEM DESCRIPTION:
    The MQSeries transaction program MQRECVT requires the group
    parameter of the TP load definition be set to "mqm". This group
    is validly defined in /etc/group, and the system lsgroup command
    returns good results on that group. When a transaction is
    attempted that uses this transaction program, CS/AIX produces an
    error indicating "4099-10 Cannot start TP. The configured group
    name is invalid."

    PROBLEM SUMMARY:
    Cannot dynamically load an EXTENDED APPC
    application when the GROUP parameter is configured.

    PROBLEM CONCLUSION:
    A call to initgroups failed after a call to
    setpcred. Changed order of calls so initgroups is called first.

    ------

    APAR: IY24627 COMPID: 5639I3400 REL: 310
    ABSTRACT: DCE LOGIN SUCCESSFUL MESSAGE OUTPUT GETS SENT TO STDERR

    PROBLEM DESCRIPTION:
    Upon successful dce_login, the DCE LOGIN SUCCESSFUL is sent
    to stderr when it should be sent to stdout.

    LOCAL FIX:
    Fixed the code to send the output to stdout

    PROBLEM CONCLUSION:
    Fixed the code to send the output to stdout.

    ------

    APAR: IY24657 COMPID: 5765E5100 REL: 601
    ABSTRACT: ERRNO IS SET INCORRECTLY IF BLOCK LENGTH IN READX IS TOO LARGE

    PROBLEM DESCRIPTION:
    When xmattach fails to attach emorous memory block (due
    to floating value of parameter) the back level APPC program
    gets a -1 return code. The code failed to map this to a valid
    +ve return code.

    PROBLEM SUMMARY:
      USERS AFFECTED: ALL
      PROBLEM DESCRIPTION:
      When the back-level API call "readx" is issued with the length
      parameter set too large, readx incorrectly sets errno = -1.
      PROBLEM SUMMARY:
      In an error condition, readx is expected to return -1 and set
      errno to a positive integer (defined in /usr/include/errno.h)
      to indicate the error.

    PROBLEM CONCLUSION:
    When xmattach fails to attach a very large memory block (due to
    floating value of parameter) it returns -1. The code failed to
    map this to an appropriate errno value. The code has been
    corrected to map this failure to errno 12 - ENOMEM.

    ------

    APAR: IY24710 COMPID: 5639I3500 REL: 310
    ABSTRACT: <SECD CORE DUMP IN RSEC_KRB5RPC_SENDTO_KDC()

    PROBLEM DESCRIPTION:
    There is a possibility of core dump due to SEGV in
    rsec_krb5rpc_sendto_kdc() immediately after returning from a
    call to decode_krb5_tgs_req() or decode_krb5_as_req().
    A pointer will have an invalid value in case an error
    condition was encountered inside the decode_krb5_...() call and
    a core will result when an attempt to dereference it is made.
    The core stack is:
       rsec_krb5rpc_sendto_kdc()
       op0_ssr()
       rpc__dg_execute_call()
       cthread_call_executor()
       dce_pthread_start()

    LOCAL FIX:
    Restart secd.
    Problem occurs only in case of rare error conditions.

    PROBLEM SUMMARY:
    secd process core dumps due to SEGV in
    rsec_krb5rpc_sendto_kdc().

    PROBLEM CONCLUSION:
    Check for NULL 'tgs_req' pointer after return from
    decode_krb5_tgs_req() function. Similar check done
    for the 'as_req' pointer also.

    TEMPORARY FIX:
    Restart secd. Problem occurs only in case of rare error
    conditions.

    ------

    APAR: IY24845 COMPID: 5765E5100 REL: 600
    ABSTRACT: CONFIG DAEMON SHOULD NOT ALLOW CHANGE OF PU_NAME

    PROBLEM DESCRIPTION:
    sna config daemon should not allow pu_name to be changed

    PROBLEM SUMMARY:
    User can alter PU name in Link station if node is inactive.

    PROBLEM CONCLUSION:
    Change made to reject a define_xxx_ls for an existing ls if the
    pu_name or dspu_name is being changed when the node is inactive.
    This is already rejected when the node is active.

    ------

    APAR: IY24955 COMPID: 5765E5100 REL: 601
    ABSTRACT: CS/AIX USES SESSION PACING TO STOP HPR DATA FLOW UNDER RTP

    PROBLEM DESCRIPTION:
    When a "particular stress RTP situation" is encountered, CS/AIX
    uses session pacing to stop data flow and never resumes. Another
    symptom is that in a line trace, translation of NLP frames
    ceases.

    PROBLEM SUMMARY:
    Application stops receiving data on HPR-
    enabled link. Trace shows RX frames not passed from NLP layer
    to DLC layer.

    PROBLEM CONCLUSION:
    The HPR window algorithm has been changed to correct the
    problem.

    ------

    APAR: IY25477 COMPID: 5639I3900 REL: 310
    ABSTRACT: DCED CORE DUMP AFTER IP ADDRESS CHANGE

    PROBLEM DESCRIPTION:
    After changing the ip address of a DCE server (although
    the problem probably exists on a client machine as well),
    dced can core dump when restarted after the address change.
    This is because there is a problem with the -t 0 option for
    dced on Solaris, i.e. it doesn't work.
    The stack of the core will look like:
    => 1 rebuild_krb5_cnf(0x1c1f60, 0x109798,
    0x1bf9b2, 0x1, 0x1cadf8, 0x0), at 0x3c740
       2 scd_update_pesite(0xc0b64, 0x0, 0xfef9bce4,
    0xfe871ae0, 0xac49c, 0xfef75158), at 0x3bb34
       3 siteupdate_handler(0xc7b80, 0x0, 0xc,
    0xff24cae4, 0x4, 0x129a18), at 0x31ce0
       4 dce_pthread_start(0x129a18, 0xfefaf194,
    0xfef75158, 0x129a18, 0x1, 0xff24cae4), at 0xfee24f78
    So dced keeps trying to update the pe_site file even
    though -t 0 tells it not to, and we end up with the
    secondary problem of the core dump.

    LOCAL FIX:
    For a replica or client machine:
    unconfig, change ip address, reconfig
    There is also a fix in ptfset 5 which introduces a new dced
    flag (-n) which tells dced not to update the pe_site file
    when starting up.

    PROBLEM SUMMARY:
    ced can core dump with the following stack when
    starting up:
    => 1 rebuild_krb5_cnf(0x1c1f60, 0x109798,
    0x1bf9b2, 0x1, 0x1cadf8, 0x0), at 0x3c740
       2 scd_update_pesite(0xc0b64, 0x0, 0xfef9bce4,
    0xfe871ae0, 0xac49c, 0xfef75158), at 0x3bb34
       3 siteupdate_handler(0xc7b80, 0x0, 0xc,
    0xff24cae4, 0x4, 0x129a18), at 0x31ce0
       4 dce_pthread_start(0x129a18, 0xfefaf194,
    0xfef75158, 0x129a18, 0x1, 0xff24cae4), at 0xfee24f78

    PROBLEM CONCLUSION:
    Within rebuild_krb5_cnf() if the serverlist is NULL,
    we should simply return instead of de-referencing
    the serverlist.

    TEMPORARY FIX:
    Run dced -n which won't update the pe_site
    or krb.conf files

    ------

    APAR: IY25760 COMPID: 5765E5100 REL: 600
    ABSTRACT: CS/AIX APPLICATION CAN NOT START CONVERSATION AFTER REMOTE

    PROBLEM DESCRIPTION:
    After a remote host is reset, a local application attempting
    to allocate a new conversation hangs waiting for the allocate
    response.

    PROBLEM SUMMARY:
      USERS AFFECTED: All
      PROBLEM DESCRIPTION:
      After a remote host is reset, a local application attempting
      to allocate a new conversation hangs waiting for the
      allocate response. CS/AIX does not send a BIND to activate a
      new session and does not respond to the allocate request.
      The problem is caused by a CNOS race condition during the
      reset of the remote system.
      PROBLEM SUMMARY:
      When the remote system is reset and issues a CNOS reset to
      reseet session limits to 0 and drain all active sessions,
      CS/AIX accepts the reset and issues UNBINDs for all sessions
      for which CS/AIX is primary.
      The problem occurs when a local application attempts to
      allocate new conversations on sessions for which the remote
      node is primary but CS/AIX has not yet received UNBINDs to
      deactivate them after the session limit reset.
      This causes some problems internal to CS/AIX, so no response
      is generated to the allocate, and eventually the mode gets
      stuck so no conversations can be started.

    PROBLEM CONCLUSION:
    CS/AIX internal code has been corrected to reject ALLOCATE
    requests under the following conditions:
     - when the session limit on the mode has been reset but the
       session count is still non-zero
     - when an initialize session limit (triggered by the
       ALLOCATE if automatic CNOS is allowed) gets negotiated to
       be a reset session limit (session limit = 0) by the
       remote node

    ------

    APAR: IY26066 COMPID: 5765E5100 REL: 600
    ABSTRACT: MULTIPLE CONVERSATIONS FAIL WITH TP_BUSY WHEN ISSUED FROM THE

    PROBLEM DESCRIPTION:
     Customer has an application in an AIX machine that uses the ser
     which provides the CBTF to invoke transactions in one IMS throu
     one LU6.2
     ALL proccess of invocation work correctly , but the problem app
     when two or more requests are done simultaneously
     because then only one of them invokes the transaction
     while the rest return an error, in the 'allocate' of the conver
     or in the method 'sendAndPrepareToReceive'.
     In both cases the return code is 20
    The error messages that arrive to application are, respectively,
     following:
     com.ibm.dse.services.comms.DSELu62InvalidRequestException:
     Allocate execution was unsuccessful.
     com.ibm.dse.services.comms.DSELu62InvalidRequestException:
     sendAndPrepareToReceive execution was unsuccessful.

    PROBLEM SUMMARY:
    THe problem is caused when a CPI-C app. (java) issues multiple
    verbs at once from the same TP instance.
    The problem only occurs because the application is doing the
    following:
    Issuing incoming (cmaccp) and outgoing (cminit) conversations
    in the same process.
    Issuing multiple converstaions using multi-threading.
    Using Synchronous verbs (mandatory for java CPIC).

    PROBLEM CONCLUSION:
    Libcpic_r.o changed to handle appl issuing incoming and
    outgoing conversations in the same process.

    TEMPORARY FIX:
    Modify appl. to issue tp-start for each outgoing
    conversation.

    ------

    APAR: IY26291 COMPID: 5639I3700 REL: 310
    ABSTRACT: PAUL HENSON WANTED A NEW FUNCTION TO RETURN CACHE FILENAME

    PROBLEM DESCRIPTION:
    DCE 3.1 for Solaris changes the behavior of the
    sec_login_valid_and_cert call. Under DCE 2.0 for Solaris,
    this call chowns the credential files to the appropriate
    local uid. Under DCE 3.1, this no longer occurs. I
    disagreed with this change at the time, but having upgraded
    to DCE 3.1, I now need a workaround.
    There are some cases where a workaround is apparent. For
    example, a process that calls sec_login_setup_identity,
    sec_login_valid_and_cert_ident, and sec_login_set_context
    as root can chown the files before calling setuid. I
    believe the PAM module for DCE 3.1 fits this category. It
    seems the only way to determine the name of the cred files
    is to check the KRB5CCNAME env variable after calling
    set_context? Can you verify if this is the method the PAM
    module uses?
    Unfortunately, there are other cases where a workaround is
    not clear. Consider a process that calls
    sec_login_setup_identity, sec_login_valid_and_cert_ident,
    then setuid before sec_login_set_context. Given that there
    is no apparent way to determine the name of the credential
    files before calling set_context, how would this process
    chown the credentials?
    Another case is a process that calls setup_identity,
    sec_login_valid_and_cert_ident, but never calls set_context
    and uses the context directly to establish authentication
    for RPC handles.
    Please provide a workaround for the new behavior of
    sec_login_and_cert_ident that will allow programs that used
    to work under DCE 2.0 to operate under DCE 3.1.
    I still assert that the old behavior was correct and that
    the supposed security issue "fixed" by the change wasn't an
    issue unless the API was abused.

    PROBLEM CONCLUSION:
    Introduced a new function sec_login_return_cred_file_name
    which will return the cred file name. So the customer can
    chown the filename. But the customer has to free the
    pointer returned with the filename.

    ------

    APAR: IY26318 COMPID: 5639I3900 REL: 310
    ABSTRACT: DB2 APPLICATION CORE DUMP IN DCE 3.1 SOLARIS

    PROBLEM DESCRIPTION:
    DB2 application coredumped with the following stack
    sec_krb_gss_build_message
    gss_init_sec_context_internal
    gss_init_sec_context

    PROBLEM CONCLUSION:
    In sec_krb_gss_build_message function in seca_gss.c file,
    the static array of 2048 is not enough. Now the fix is to
    allocate 8192 size memory for the array.

    ------

    APAR: IY26460 COMPID: 5639I3700 REL: 310
    ABSTRACT: SECD CORE DUMPING WHILE ADDRESSING AN UNSUPPORTED ENCRYPTION

    PROBLEM DESCRIPTION:
    A client request with an unsupported encryption
    type is causing the security server to core dump.

    PROBLEM SUMMARY:
    secd core dumping when addressing an unsupported encryption
    type.

    ------

    APAR: IY26629 COMPID: 5639I3700 REL: 310
    ABSTRACT: 'DCECP -C PRINC RENAME' RENAMES A PRINCIPAL TO A NULL STRING

    PROBLEM DESCRIPTION:
    Using the "dcecp -c princ rename" command, customer is able
    to create a principal with the null character as the only
    character in the name. Later the customer is unable to
    delete this null character principal.

    LOCAL FIX:
    "dcecp -c princ rename" has been corrected to disallow
    dce from accepting null-string as the principal name.

    PROBLEM SUMMARY:
    customer is able to create a principal with a null character
    as the only character in the name. Later on, no operations
    are allowed on this principal as it has null-character
    as its name.

    PROBLEM CONCLUSION:
    New code for data input validation is added so that DCE will
    disallow a user from renaming a principal to null-character.

    ------

    APAR: IY26737 COMPID: 5639I3500 REL: 310
    ABSTRACT: CONFIG/UNCONFIG SNIFF HANGS IF CDS IS DOWN

    PROBLEM DESCRIPTION:
    config.dce, unconfig.dce, start.dce, or stop.dce appears to
    hang with the following line being the last in
    /opt/dcelocal/etc/cfgdce.log:
    "Querying the currently configured cell name."

    PROBLEM CONCLUSION:
    The api that was hanging was put in another thread so that
    it could be stopped if it took to long.

    ------

    APAR: IY26746 COMPID: 5639I3500 REL: 310
    ABSTRACT: CONFIG FAILS WHEN THERE IS NO /ETC/ENVIRONMENT FILE

    PROBLEM DESCRIPTION:
    config.dce will fail on a full or local configuration if
    there is not /etc/environment (AIX) or /etc/default/init
    (Solaris) file.

    PROBLEM CONCLUSION:
    The routine that adds DCE environment variables will create
    this file if it doesn't exist, or append entries to it if
    it does exist.

    ------

    APAR: IY26769 COMPID: 5639I3500 REL: 310
    ABSTRACT: DCE EXPORTING WRONG INTERFACE ID

    PROBLEM DESCRIPTION:
    DFS and any other application depending on the self
    binding will fail after restart with the new ip address.

    PROBLEM CONCLUSION:
    Remove the object modify command and replace it with
    rpcentry unexport and export commands in cds_cl_start.

    ------

    APAR: IY26808 COMPID: 5639I3500 REL: 310
    ABSTRACT: LEGACY: INVALID FREE() IN RS_ATTR_DELETE() CORRUPTS HEAP

    PROBLEM DESCRIPTION:
    Running with Audit, corrupting heap could core SECD when
    deleting attributes.

    PROBLEM CONCLUSION:
    Initialize the existing_attrs variables.

    ------

    APAR: IY26854 COMPID: 5639I3700 REL: 310
    ABSTRACT: DCED COREDUMPS IN MORESPACE()

    PROBLEM DESCRIPTION:
    dced coredumps with the following stack:
    Segmentation fault in morespace at 0xd04bde40 ($t10)
    0xd04bde40 (morespace+0x54) 90030018 st r0,0x18(r3)
    (dbx) where
     morespace(??) at 0xd04bde40
     getspace(??) at 0xd04befa4
     rpc__mem_alloc(??, ??, ??) at 0xd04be388
     pkt_alloc() at 0xd065b38c
     rpc__dg_pkt_alloc_rqe(??) at 0xd065c504
     rpc__dg_network_select_dispatch(??, ??, ??, ??) at 0xd066f284
     lthread_loop() at 0xd067d200
     lthread(??) at 0xd067d4b0
     pthread._pthread_body(??) at 0xd012a358
    (dbx)

    PROBLEM SUMMARY:
    dced coredumps in morespace()

    PROBLEM CONCLUSION:
    This problem has been corrected by making relevant
    code changes.

    ------

    APAR: IY27177 COMPID: 5639I3400 REL: 310
    ABSTRACT: TCL LOOP IN 'CELL PING -C' CAUSES PERFORMANCE HIT

    PROBLEM DESCRIPTION:
    The following code from CMVC 22181:
    _dcp_cell_debug "Emumerating namespace: $cell_name/hosts"
    set name_space _dcp_enumerate_namespace $cell_name/hosts
    set dts_entity_list _dcp_list_find $name_space *dts-entity
    foreach srv "dts-entity" {
    if { catch {dts show $element/$srv} msg == 0 } {
    in cell.dcp causes increasingly-long execution delays in
    cells of any appreciable size when performing cell ping -c
    commands; the code above is called in a loop and thus the
    "_dcp_enumerate_namespace" call is forced to enumerate the
    entire cell as each host is pinged. This delay is not
    noticeable in smaller (<5 machine) cells, but in a larger
    cell with 66 clients it results in a delay of ~30 seconds
    between each system ping.

    PROBLEM SUMMARY:
    long delay's in 'cell ping -c' o/p when
    used in bigger cells.

    PROBLEM CONCLUSION:
    TCL loop causing the long execution delay in cell.dcp
    is fixed.

    ------

    APAR: IY27216 COMPID: 5639I3500 REL: 310
    ABSTRACT: MISSING ':' IN TCL CAUSES ERROR

    PROBLEM DESCRIPTION:
    An earlier fix (67638) somehow lost a semicolon that was
    needed to terminate the TCL line. This resulted in errors
    when a 'cell ping -c' was executed.

    PROBLEM CONCLUSION:
    Added ';' at the end of the code but before the beginning
    of the #CMVC comment.

    ------

    APAR: IY27503 COMPID: 5639I3400 REL: 310
    ABSTRACT: CALLS TO MIT/SUN KINIT FAIL: MISSING RPC_SS_ENABLE_ALLOCATE

    PROBLEM DESCRIPTION:
    PTF4 introduced a call to rpc_ss_allocate() in the
    kdc_run() thread. However, some MIT and Sun kinit releases
    are causing secd cores since rpc_ss_enable_allocate()
    was not called to initialize the environment in this thread.
    Solution is to add this call during thread start-up.

    PROBLEM SUMMARY:
    calls to MIT/Sun kinit might fail.
    Also this could result in secd core dump because of missing
    rpc_ss_enable_allocate() in kdc_run().

    PROBLEM CONCLUSION:
     rpc_ss_enable_allocate() was used during thread startup
    to initialize the environment in kdc_run() thread.

    ------

    APAR: IY27509 COMPID: 5639I3500 REL: 310
    ABSTRACT: MESSAGE ERROR IN CELL.DCP: BAD OUTPUT FROM CELL PING -R

    PROBLEM DESCRIPTION:
    Yet another bad msgid in cell.dcp; when a user selects a
    cell ping -r and a CDS server is down, the command should
    report that "server %s did not respond." Instead it says
    "error: dce servers available." Fix: change message ID
    in this area from 053 to 051.

    PROBLEM SUMMARY:
    when a user runs a "cell ping -r" and a CDS server is down,
    the command should report that "server %s did not respond."
    Instead it says "error: dce servers available."

    PROBLEM CONCLUSION:
    Message ID is fixed to display the correct error message.

    ------

    APAR: IY28044 COMPID: 5639I3500 REL: 310
    ABSTRACT: SECD CORE DUMPING

    PROBLEM DESCRIPTION:
    Secd will core dump with the following stack because of
    a bug in "ERROR HANDLING" block of code in secd.
    warning: could not locate trace table from starting
    address 0x0
    verify_enc_timestamp()
    check_padata()
    process_as_req()
    dispatch()
    process_packet()
    listen_and_process2()
    kdc_run()
    start_kerberos_task()
    pthread._pthread_body()
    The block was exposed when another apar 26460 was
    introduced to solve the issue of security core dumps
    while it was addressing unsupported encryption type.

    PROBLEM SUMMARY:
    Secd will core dump with the following stack because
    of a bug in "ERROR HANDLING" block of code in secd.

    ------

    APAR: IY28791 COMPID: 5765E5100 REL: 610
    ABSTRACT: SMIT COPY PARTNER LU FUNCTION FAILS WITH ERROR: RESOURCE IS

    PROBLEM DESCRIPTION:
    Communications Server for AIX V6 and V6.1
    Using SMIT to copy a partner LU definition fails with error:
       Error: Resource is already defined

    PROBLEM SUMMARY:
    USERS AFFECTED: ALL
    PROBLEM DESCRIPTION:
    Using SMIT to copy an existing partner LU definition fails with
    the error "Error: Resource is already defined".
    PROBLEM SUMMARY:
    The Copy Partner LU screen in SMIT does not allow the LU alias
    to be changed when making the copy. The causes the error because
    the alias duplicates the alias in the original partner LU
    definition.

    PROBLEM CONCLUSION:
    The SMIT screen was corrected to allow the LU alias to be
    changed.

    TEMPORARY FIX:
    Do not use the copy function; add a new LU
    with the desired settings.

    ------

    APAR: IY28842 COMPID: 5639I3700 REL: 310
    ABSTRACT: DCECP ACL EDIT FAILS ON ENTRIES CONTAINING SPACES

    PROBLEM DESCRIPTION:
    dcecp acl edit attempts fail when working on entries that
    contain embedded spaces (e.g. acl mod /.:/foo bar). As
    this was corrected in transarc release 2.0 under delta
    srikanth-19711-dcecp-fix-acl-show-with-embedded-spaces we
    need to add the same functionality to 3.1

    LOCAL FIX:
    use manual sec_acl_edit utility to manage these acls until
    a fix is made to dcecp.

    PROBLEM SUMMARY:
    The acl edit command will fail when entries (e.g. names,
    file names, principals...) contain embedded spaces since
    the command fails to traverse the space and evaluate the
    entry as a whole

    PROBLEM CONCLUSION:
    Made necessary changes to code

    ------

    APAR: IY28862 COMPID: 5765E5100 REL: 601
    ABSTRACT: CSAIX: SMIT FAILS TO START OR STOP A SESSION WITH A BLANK

    PROBLEM DESCRIPTION:
    Communications Server for AIX V6
    When using SMIT to attempt to start or stop a session with a
    blank mode name, the attempt fails with the error message:
        Supplied value for field mode_name has invalid type.
    These sessions can be successfully started and stopped using
    xsnaadmin and snaadmin.

    PROBLEM SUMMARY:
      USERS AFFECTED: ALL
      PROBLEM DESCRIPTION: When using SMIT to attempt to start or
      stop a session with a blank mode name, the attempt fails with
      the error message "Supplied value for field mode_name has
      invalid type."
      PROBLEM SUMMARY:
      Using F6 to view the command that SMIT is using, the value for
      mode_name='" "' is what is causing the error. Running
      the same comand from the command line, but changing the value
      for mode_name=" " succeeds.

    PROBLEM CONCLUSION:
    Corrected script to handle this correctly.

    ------

    APAR: IY28866 COMPID: 5765E5100 REL: 601
    ABSTRACT: CSAIX: ATTEMPTS TO START SESSIONS FAIL. SNA ERROR LOG RECORDS:

    PROBLEM DESCRIPTION:
    Communications Server for AIX V6
    Attempts to start LU 6.2 sessions failed. The /var/sna/sna.err
    log records:
    256-13 Not enough buffers to create new buffer pool.
    512-460 Node could not allocate sufficient memory.
    The command `snaadmin query_buffer_availability` returns field
    max_buf_res_use_bytes = 4294967295
    (the largest 32-bit value possible).

    PROBLEM SUMMARY:
      USERS AFFECTED: All
      PROBLEM DESCRIPTION:
      Attempts to start LU 6.2 sessions failed. The
      /var/sna/sna.err log records:
      256-13 Not enough buffers to create new buffer pool.
      512-460 Node could not allocate sufficient memory.
      PROBLEM SUMMARY:
      The command `snaadmin query_buffer_availability` returns
      field max_buf_res_use_bytes = 4294967295 (the largest
      32-bit value possible). The system is not exhibiting any
      other signs of any resource shortage.

    PROBLEM CONCLUSION:
    An internal variable tracking buffer usage went negative,
    appearing to be just a few bytes short of maximum value.
    The code has been corrected to protect this variable
    against going negative.

    ------

    APAR: IY28872 COMPID: 5765E5100 REL: 601
    ABSTRACT: CSAIX: NODE FAILS TO START DUE TO INVALID_MODE_NAME

    PROBLEM DESCRIPTION:
    Communications Server for AIX V6
    An invalid mode name is allowed to be configured, then the node
    fails to start, producing the error message:
    init_node command failed :
    primary_rc = STATE_CHECK, secondary_rc = RESOURCE_NOT_LOADED
    The /var/sna/sna.err log records:
    define_mode command failed :
    primary_rc = PARAMETER_CHECK, secondary_rc = INVALID_MODE_NAME
    and
    Failed to load the Node's configuration.
    Primary return code = 0x0200
    Secondary return code = 0x0000554D

    LOCAL FIX:
    Delete the invalid mode definition.

    PROBLEM SUMMARY:
      USERS AFFECTED: All
      PROBLEM DESCRIPTION:
      A valid mode name is a Type-A EBCDIC character (A-Z 0-9 $ # )
      and the first character must be A-Z (or # for architected
      modes). An invalid mode name is allowed to be defined when the
      node is inactive but not when the node is active. When an
      invalid mode name is defined, the node will fail to start.
      An invalid mode name is allowed to be configured, then the nod
      fails to start. The command "snaadmin init_node" returns:
        init_node command failed :
        primary_rc = STATE_CHECK, secondary_rc = RESOURCE_NOT_LOADED
      The /var/sna/sna.err log records:
      4097-83
      The node could not be started because of a configuration error
      Node name = aix
      define_mode command failed :
      primary_rc = PARAMETER_CHECK, secondary_rc = INVALID_MODE_NAME
      mode_name = $TEST
      1-11
      Failed to load the Node's configuration.
      Primary return code = 0x0200
      Secondary return code = 0x0000554D

    PROBLEM CONCLUSION:
    Attempts to define an invalid mode name should fail, whether the
    attempt is through the configuration tools or a migration
    process. The configuration daemon has been corrected to reject
    attempts to define an invalid mode name.

    ------

    APAR: IY28890 COMPID: 5765E5100 REL: 601
    ABSTRACT: CS/AIX FAILS TO SEND AN IPR

    PROBLEM DESCRIPTION:
    Communications Server for AIX, Version 6
    With an application using the LUA API, under certain conditions,
    Communications Server fails to send an IPR to open a new pacing
    window.

    PROBLEM SUMMARY:
      USERS AFFECTED: All
      PROBLEM DESCRIPTION:
      With an application using the LUA API, under certain
      conditions, Communications Server fails to send an IPR to
      open a new pacing window. Visible behavior is that traffic
      flow stops. The session appears to hang.
      PROBLEM SUMMARY:
      A line trace should show that a recent incoming RU will
      have the Pacing Indicator (PI) set to request a new pacing
      window. Communications Server should, but does not, then
      send an IPR to open a new pacing window. When the current
      pacing window is complete, the remote host quits sending
      data (as required by protocol) and is waiting for the IPR
      to open a new pacing window.

    PROBLEM CONCLUSION:
    This problem occurs when an LUA application is using a session
    that has outbound pacing and when normal flow DFC requests are
    received (such as BID). The internal algorithm that should send
    the IPR is incorrect. The algorithm has been corrected.

    TEMPORARY FIX:
    Disable pacing (specified in the BIND when activating the
    session).

    ------

    APAR: IY29135 COMPID: 5765E5100 REL: 600
    ABSTRACT: SNA_V5ROUTER CAUSES SYSTEM CRASH

    PROBLEM DESCRIPTION:
    AIX 433 system crash with following stack trace in system dump:
    > t -mk
    Skipping first MST
    MST STACK TRACE:
    0xf00005c0 (excpt=50d43000:42000000:0000780f:50d43000:00000106)
    (intpri=11)
       IAR: .[sna_v5router:nmd_utils_dispose_route_unit]+30
    (05123138): t
    wllti r3,0x200
       LR: .[sna_v5router:nmd_cfsm_next_fsm_action]+6c8
    (051324f8)
       2efe2858: .[sna_v5router:nmd_cfsm_next_fsm_action]+6c8
    (051324f8)
       2efe2978: .[sna_v5router:nmd_mscap_check_category]+2ec
    (05120edc)
       2efe29c8: .[sna_v5router:nmd_mscap_receive_error_notif]+94
    (05121204)
       2efe2a08: .[sna_v5router:nmd_error_new_error]+1ec (05124618)
       2efe2a68: .[sna_v5router:nmd_mds_process_outbound_reply]+290
    (0512ac04)
       2efe2ae8: .[sna_v5router:nmd_sndtp_empty_queue]+7c (0512e454)
       2efe2b28: .[sna_v5router:nmd_sndtp_alloc_rsp]+180 (0512ee84)
       2efe2b88: .[sna_v5router:nmd_mds_queue_handler]+dc (0512a294)
       2efe2bd8: .[sna_v5router:nba_dispatch_input]+290 (04fe171c)
       2efe2c38: .[sna_v5router:nba_dispatch_process]+c8 (04fe1df0)
       2efe2c88: .[sna_v5router:nba_scheduler]+200 (04fe25e0)
       2efe2ce8: .[sna_v5router:vpr_stream_uw_drive_scheduler]+2c
    (04fd5590)
       2efe2d28: .[sna_v5router:vpr_stream_uw_svc]+11c (04fd5a80)
       2efe2d78: .[pse:sq_wrapper]+ac (010f9554)
       2efe2db8: .[pse:csq_run]+23c (010ea018)
       2efe2e18: .[pse:csq_lateral]+a4 (010e908c)
       2efe2e78: .[pse:scheduled_run]+c8 (010f9e44)
       2efe2ed8: .Netintr+144 (000aadd8)
       2efe2f48: .netisr_thread+18 (000aac58)
       2efe2f88: .threadentry+18 (00084740)
       2efe2fc8: .low+0 (00000000)

    PROBLEM SUMMARY:
    System crash in sna_v5router.

    PROBLEM CONCLUSION:
    Problem caused where an implicit focal point has been defined,
    the link to it goes away and a link to a host is defined.
    The retry processing enters an invalid fsm state, which can
    cause memory overwrites and traps.

    ------

    APAR: IY29145 COMPID: 5765E5400 REL: 440
    ABSTRACT: DARE UNEXPECTEDLY BRINGS RESOURCE GROUPS ONLINE FOR NODES WHICH

    PROBLEM DESCRIPTION:
    The configuration is HAS 4.4.1 with two nodes, two cascading
    resource groups, with each node the highest priority node for
    one of the cascading resource groups. Cluster services are up
    on both nodes and each node has their resource group on line.
    Cluster services are stopped on one node, graceful, without
    takeover. A modification is made to the resource group that is
    online on the node with cluster services running and the
    resources are synchronized. When DARE completes both
    resource groups are brought online on. This is unexpected

    PROBLEM SUMMARY:
    The configuration is HAS 4.4.1 with two nodes, two cascading
    resource groups, with each node the highest priority node for
    one of the cascading resource groups. Cluster services are up
    on both nodes and each node has their resource group on line.
    Cluster services are stopped on one node, graceful, without
    takeover. A modification is made to the resource group that is
    online on the node with cluster services running and the
    resources are synchronized. When DARE completes both
    resource groups are brought online on. This is unexpected
    behavior.

    PROBLEM CONCLUSION:
    When dare attempts to syncronize a change, flat files will be
    written to with the state of all resource groups in the
    cluster. After the node writes this information to disk,
    clreconfig_resource_acquire and cl_reconfig_resource_release
    will check the state of the resource it is currently
    processing before importing or exporting that resource group.

    ------

    APAR: IY29252 COMPID: 5765E5400 REL: 441
    ABSTRACT: HAS/HAES: QUORUM SETTING NOT MAINTAINED ON VG DISCOVERY

    PROBLEM DESCRIPTION:
    The quorum setting for a VG is not maintained
    across the cluster for the HAES VG discovery
    operation. This is due to the fact that
    exportvg and importvg do not maintain that
    setting. HAES code must be changed to handle
    maintaining the parameter outside of the aix
    commands.

    PROBLEM SUMMARY:
    The quorum parameter is not held in the VGDA and does
    not persist across exportvg/importvg. This is the
    same behavior as the concurrent capability parameter.
    That parameter was already supported by the auto import
    feature in HAES and HACMP. I essentially just duplicated
    the concap parameter code to add support for the quorum
    parameter. The modified files are: clfind_shareable_vg.sh,
    claddres.c, clharvest_vg.sh, cl_importvg.cel, climportvg.sh,
    and cllsvgdata.sh.

    PROBLEM CONCLUSION:
    The quorum parameter is not held in the VGDA and does
    not persist across exportvg/importvg. This is the
    same behavior as the concurrent capability parameter.
    That parameter was already supported by the auto import
    feature in HAES and HACMP. I essentially just duplicated
    the concap parameter code to add support for the quorum
    parameter. The modified files are: clfind_shareable_vg.sh,
    claddres.c, clharvest_vg.sh, cl_importvg.cel, climportvg.sh,
    and cllsvgdata.sh.

    ------

    APAR: IY29274 COMPID: 5765E5400 REL: 441
    ABSTRACT: HACMP&ES: CLDARE SHOULD NOT SYNC ODM WITH EMULATE OPTION

    PROBLEM DESCRIPTION:
    cldare syncs the hacmp ODM eventhough EMULATE is chosen.

    LOCAL FIX:
    cldare should not sync the ODM when EMULATE is chosen.

    PROBLEM SUMMARY:
    If there is a change in resource groups and cldare
    is run with NOCONFIG and EMLATE options the databases
    are synced across the nodes.
    This Behavior is seen only with -n option to cldare i.e.
    Slecting "Un/Configure Cluster Resources?" option to no
    in smit panel.

    PROBLEM CONCLUSION:
    cldare should check for EMULATE and NOCONFIG options and
    display the commands instead of actually running them.

    ------

    APAR: IY29336 COMPID: 5639I3900 REL: 310
    ABSTRACT: USE GETTIMEOFDAY INSTEAD OF TIME IN RPC__CLOCK_UPDATE IN

    PROBLEM DESCRIPTION:
    A very high cpu consumption for what appears to be a
    pthread spawned within libdce itself was seen.
    The thread was "timer_loop".
    This will lead to performance degradation in
    an multi CPU environment.

    LOCAL FIX:
    In the timer loop routine in rpc runtime
    there was a call to system time() function.
    In Solaris time() function uses lot of
    system calls. So it was changed to
    gettimeofday call.

    PROBLEM SUMMARY:
    A very high cpu consumption for what appears to be a
    pthread spawned within libdce itself was seen.
    The thread was "timer_loop".

    PROBLEM CONCLUSION:
    In the timer loop in RPC for AIX, gettimeofday was changed to
    time() system call to improve performance. But in Solaris time
    call makes lot of system calls. So changed the call back to
    gettimeofday only for Solaris. The routine this change was made
    was rpc__clock_update.

    ------

    APAR: IY29364 COMPID: 5765E5100 REL: 600
    ABSTRACT: CSAIX: FOR AN LUA TP, WHEN BB IS RECEIVED WHILE IN-BRACKET,

    PROBLEM DESCRIPTION:
    Communications Server for AIX, V6
    An application using the LUA API is in in-bracket state when a
    Begin Bracket (BB) is received. CS/AIX intercepts that as an
    error and generates and returns sense code 08130000 to the
    remote host. The application programmers expect CS/AIX to
    recognize the received BB as an error, but to pass this to the
    application in an Exception Request (EXR) (as described in the
    CS/AIX LUA Programmer's Guide) to allow the application to
    modify the sense code to 08140000, which is also valid for this
    situation.

    PROBLEM SUMMARY:
      USERS AFFECTED: All
      PROBLEM DESCRIPTION:
      An application using the LUA API is in in-bracket state
      when a Begin Bracket (BB) is received. CS/AIX intercepts
      that as an error and generates and returns sense code
      08130000 to the remote host. The application programmers
      expect CS/AIX to recognize the received BB as an error,
      but to pass this to the application in an Exception
      Request (EXR) (as described in the CS/AIX LUA Programmer's
      Guide) to allow the application to modify the sense code
      to 08140000, which is also valid for this situation.
      PROBLEM SUMMARY:
      (see problem description)

    PROBLEM CONCLUSION:
    Added a new configuration option to allow the LUA appication
    to control the bracket race sense code.

    ------

    APAR: IY29365 COMPID: 5765E5100 REL: 601
    ABSTRACT: CS/AIX MBUF LEAK FOR IPX PACKET IF SAP E0 PORT IS OPENED.

    PROBLEM DESCRIPTION:
    CS/AIX has a problem about handling/discarding a datagram of IPX
    packet. Datagram handler cannot route the packet, and does not
    return it to the free list.

    LOCAL FIX:
    Disabling ports for incoming IPX packets.

    PROBLEM SUMMARY:
    An mbuf leak occurs when CS/AIX received unexpected non-SNA
    messages on a SAP address for which CS/AIX has an active
    port.

    PROBLEM CONCLUSION:
    The active port accepts the incoming datagram. If this were a
    valid SNA message, a dynamic link station would be created and
    activated. Since this is a non-SNA message, that does not
    occur, and the message is discarded. The mbuf associated is
    not being released when this occurs. The SNA software has
    been corrected to release this mbuf before recycling the port.

    ------

    APAR: IY29577 COMPID: 5639I3500 REL: 310
    ABSTRACT: EMPTY PARAMETERS ARE ADDED TO THE CONFIG COMMAND

    PROBLEM DESCRIPTION:
    When configuring DCE using SMIT, you will get syntax errors.
    The SMIT panels will pass parms with no values to the DCE
    config.dce command.

    PROBLEM CONCLUSION:
    Made the necessary corrections.

    ------

    APAR: IY29578 COMPID: 5639I3500 REL: 310
    ABSTRACT: IP ADDR CHG FOR CDSSRV IN SPLIT CONFIG DOESN'T WORK

    PROBLEM DESCRIPTION:
    dcecp -c clearinghouse create /.:/xxxx_ch hangs after
    CDS machine IP address change.

    PROBLEM CONCLUSION:
    Made necessary changes in cdsd code.

    ------

    APAR: IY29579 COMPID: 5639I3500 REL: 310
    ABSTRACT: CONTINUE FIXING SECURITY HOLES IN SMIT AND CONFIG

    PROBLEM DESCRIPTION:
    Some of the scripts and SMIT panels do not have fully
    qualified paths to external commands (or do not have a local
    PATH statement). This could cause a security exposure.

    PROBLEM CONCLUSION:
    Fully qualified paths to external commands.

    ------

    APAR: IY29581 COMPID: 5639I3500 REL: 310
    ABSTRACT: FVT: CAN NOT UNCONFIG DCE_UNIXD THROUGH SMIT/SMITTY

    PROBLEM DESCRIPTION:
    Even though you can select dce_unixd on the SMIT unconfig
    panel, it will not unconfigure it.

    PROBLEM SUMMARY:
    dceunixd cannot be configured using SMIT in AIX.

    PROBLEM CONCLUSION:
    Changed necessary SMIT code.

    ------

    APAR: IY29582 COMPID: 5639I3500 REL: 310
    ABSTRACT: SCRAPE.DCE SHOULD STOP PWDSTRS OTHER THAN THE DEFAULT

    PROBLEM DESCRIPTION:
    If the user is told to run dcf_scrape_dce by DCE service
    personnel, the sub-command will not stop non-default
    password strength servers (/opt/dcelocal/bin/pwd_strengthd).

    PROBLEM CONCLUSION:
    Made necessary changes in code.

    ------

    APAR: IY29586 COMPID: 5639I3500 REL: 310
    ABSTRACT: CONFIG.DCE SEC_SRV IS REMOVING DIRS CREATED BY INSTALL

    PROBLEM DESCRIPTION:
    An error message will appear when the security server
    component is removed with installp stating that some
    directories are missing.

    PROBLEM CONCLUSION:
    Made the necssary changes.

    ------

    APAR: IY29587 COMPID: 5639I3500 REL: 310
    ABSTRACT: SCRAPE NOT CLEANING UP DCE ENVIRONMENT VARIABLES

    PROBLEM DESCRIPTION:
    If the user is told by DCE service personnel to run
    dcf_scrape_dce, the program will not remove DCE environment
    variables from /etc/environment.

    PROBLEM CONCLUSION:
    The program was changed to remove DCE environment variables
    from /etc/environment.

    ------

    APAR: IY29592 COMPID: 5639I3500 REL: 310
    ABSTRACT: PURIFY: UMR IN OUTPUT_CACHE_LINE(), SECIDMAP.C

    PROBLEM DESCRIPTION:
    Customer sees "UMR: output_cache_line..." in Purify

    PROBLEM CONCLUSION:
    Necessary change made in code.

    ------

    APAR: IY29593 COMPID: 5639I3500 REL: 310
    ABSTRACT: PURIFY: UMR IN DB44: MPOOL_SYNC()

    PROBLEM DESCRIPTION:
    Purify: UMR: ... (call stack)... mpool_sync->write->_write

    PROBLEM CONCLUSION:
    Use calloc() instead of malloc() for the new block.

    ------

    APAR: IY29609 COMPID: 5765E5100 REL: 601
    ABSTRACT: CSAIX LUA: APPLICATION CANNOT RECONNECT TO LU AFTER FAILED

    PROBLEM DESCRIPTION:
    Communications Server for AIX, V6
    When an LUA application issues an invalid RUI_TERM, then
    additionalRUI_TERM commands fail. ven after the application
    ends, no new processes can connect to (RUI_INIT) the LU or issue
    RUI_TERM to clean it up, until the node has been restarted.

    PROBLEM SUMMARY:
      USERS AFFECTED: All
      PROBLEM DESCRIPTION:
      When an LUA application issues an invalid RUI_TERM, then
      additional RUI_TERM commands fail. Even after the application
      ends, no new processes can connect to (RUI_INIT) the LU or
      issue RUI_TERM to clean it up, until the node has been
      restarted.
      PROBLEM SUMMARY:
      After the first RUI_TERM fails and the process ends, a new
      processes attempting to connect to the LU with RUI_INIT fails
      with return codes UNSUCCESSFUKL and INVALID_PROCESS. An
      attempt to issue RUI_TERM with only lua_luname (because there
      is no valid lua_sid now) fails with return codes
      PARAMETER_CHECK and BAD_SESSION_ID, even though lua_sid is
      not required if lua_luname is used.

    PROBLEM CONCLUSION:
    The LUA library was treating the conversation as terminated
    even though the RUI_TERM failed, but the internals were not.
    This caused the session to remain allocated, so new RUI_INIT
    attempts would fail. Because the LUA library had released the
    conversation already, new RUI_TERM attempts also failed.
    Altered the LUA library and LUA stub in the router to correctly
    treat a failed RUI_TERM as not terminating the conversation.
    The APPN code already treats the RUI_TERM in this way.

    TEMPORARY FIX:
    Correct the LUA application to not issue an invalid RUI_TERM.

    ------

    APAR: IY29649 COMPID: 5639I3700 REL: 310
    ABSTRACT: DCED CORE DUMPING WHILE PORT SCANNER APPLICATIONS(PARTICULARLY

    PROBLEM DESCRIPTION:
    dced can core dump when the port mapper applications
    are scanning the udp ports

    PROBLEM CONCLUSION:
    To handle such packets in the rpc so that no data corruption
    takes place.

    ------

    APAR: IY29746 COMPID: 5639I3500 REL: 310
    ABSTRACT: PURIFY: OVERLAPPING STRCPY IN RSDB_NAME_UTIL_CONVERT_TO_CELL

    PROBLEM DESCRIPTION:
    Core with stack see defect .

    PROBLEM SUMMARY:
    Core with the following stack:
        strcpy rtlib.o
        rsdb_name_util_convert_to_cell rsdb_name_util.c:404
        rsdb_name_canonicalize rsdb_name_util.c:265
        princ_to_login_name kdb_rsdb.c:571
        ldap_krb5_get_principal_with_dn ldap_map_misc.c:527
        krb5_db_get_principal kdb_rsdb.c:1099
        init_db main.c:751
        kdc_init main.c:911
        rs_start_kerberos rs.c:1535
        rgy_main rs_main.c:1456
        main rs_main.c:882
        _start crt1.o

    PROBLEM CONCLUSION:
    Made necessary changes to code.

    ------

    APAR: IY29748 COMPID: 5639I3500 REL: 310
    ABSTRACT: PURIFY: UMR IN CDS_READ_POP(), COULD POSSIBLY CAUSE PROBLEM

    PROBLEM DESCRIPTION:
    See defect for call stack reported by Purify, this indicates
    the uninitialized variable in the cds_read_pop() function.

    PROBLEM SUMMARY:
    Uninitialized memory shows up in purify output
    cds_read_pop().

    PROBLEM CONCLUSION:
    Made necessary changes to code .

    ------

    APAR: IY29749 COMPID: 5639I3500 REL: 310
    ABSTRACT: SECURITY HOLE IN DFSWEB CONFIG SCRIPTS

    PROBLEM DESCRIPTION:
    A security exposure exists in the WebSecure configuration
    utilities. System commands are called with fully qualified
    paths.

    PROBLEM CONCLUSION:
    Made necessary changes to the code

    TEMPORARY FIX:
    Search the files in /opt/dcelocal/web/bin/install
    "exec" and fully qualify what they will call.

    ------

    APAR: IY29750 COMPID: 5639I3500 REL: 310
    ABSTRACT: INCORRECT RETURN CODE LOGGED FROM RPC_NS_BINDING_IMPORT_NEXT

    PROBLEM DESCRIPTION:
    If config is unable to determine the ip address of a machine
     because of a bad status code returned from
    rpc_ns_binding_import_next, the entry in cfgdce.log says
    that the return code from rpc_ns_binding_import_next was 0.

    PROBLEM CONCLUSION:
    Made necessary changes to code

    ------

    APAR: IY29751 COMPID: 5639I3500 REL: 310
    ABSTRACT: FULL/LOCAL RSP CFG HANGS ON MULTI-HOMED MACHINES

    PROBLEM DESCRIPTION:
    A full or local DCE config/unconfig using a response file
    will hang on a machine that has multiple IP addresses.

    PROBLEM CONCLUSION:
    Made necessary changes to code

    ------

    APAR: IY29785 COMPID: 5765E5400 REL: 440
    ABSTRACT: ERROR: SERVICE ADAPTER <IP LABEL> IS IMPROPERLY CONFIGURED.

    PROBLEM DESCRIPTION:
    After update of HAS from 4.4.0 to 4.4.1 on a two node cluster
    cluster verification fails with the following error:
        ERROR: Service adapter <IP label> is improperly configured
        on node <node name>.
    The error occurs if there is a service, boot and standby on one
    node and just service and standby on the takeover node.
    Cluster verfication did not fail with HAS 4.4.0.

    PROBLEM SUMMARY:
    Customer see's the error message "Service adapter <css service
    > is improperly configured." during verification.

    PROBLEM CONCLUSION:
    The CuAt ODM is populated (under PSSP 3.1) with attribute
    values of "css" for the switch adapter. The CuDv ODM contains
    references to "css0". There is a query to CuDv that basis the
    adapter label off of the contents of CuAt (css) that fails to
    find the appropriate information in CuDv. A check was added to
    determine if the query contained only the characters "css",
    if this is true then change the query key to "css0"

    ------

    APAR: IY29806 COMPID: 5765E5100 REL: 601
    ABSTRACT: CS/AIX SENDS UNBIND INSTEAD OF TERM-SELF DESPITE

    PROBLEM DESCRIPTION:
    Communications Server for AIX, Version 6
    CS/AIX is not sending TERM-SELF if the process terminates
    without cleaning up for itself. The relevant configuration
    parameters are:
      [define_node]
        send_term_self=YES
      [define_lu_0_3]
        term_method=USE_NODE_DEFAULT
    Despite this, UNBIND is issued instead of TERM_SELF.

    PROBLEM SUMMARY:
      USERS AFFECTED: All
      PROBLEM DESCRIPTION:
      CS/AIX is not sending TERM-SELF if the process terminates
      without cleaning up for itself. The relevant configuration
      parameters are:
         define_node
          send_term_self=YES
         define_lu_0_3
          term_method=USE_NODE_DEFAULT
      Despite this, UNBIND is issued instead of TERM_SELF.
      PROBLEM SUMMARY:
      When a Transaction Program (TP) terminates without properly
      ending the session it is using, Communications Server cleans
      up after it by ending the session. The cleanup method used
      is configured by the parameter send_term_self under
      define_node and by term_method under define_lu_0_to_3. These
      parameters determine whether Communications Server cleans up
      after the TP by issuing UNBIND or TERM-SELF. Despite the
      configuration to use TERM-SELF, Communications Server is
      issuing UNBIND.

    PROBLEM CONCLUSION:
    This only affects applications using the LUA API. RUI_TERM or
    killing the application always causes the session to be
    terminated by sending an UNBIND. The code has been corrected
    to internally handle this configuration for the Close SSCP
    message that is sent internally.

    ------

    APAR: IY29812 COMPID: 5639I3500 REL: 310
    ABSTRACT: REDUNDANT CDS CLERKS FOR A SINGLE UID/GID PAIR

    PROBLEM DESCRIPTION:
    Redundant cdsclerk processes are seen for a single UID/GID
    pair. This occurs only when max_clerk_connections is set in
    cds.conf.

    PROBLEM SUMMARY:
    When the max_clerk_connections is set in the cds.conf file
    the cdsadv does not respect this value and spawns new
    cdsclerk processes inspite of the max_clerk_connections
    not being reached.
    If given time, the redundant processes eventually exit.

    PROBLEM CONCLUSION:
    CDS Advertiser code has been changed to address the
    problem.

    ------

    APAR: IY29831 COMPID: 5639I3500 REL: 310
    ABSTRACT: SECD CORE IN LM_CONSOLIDATE_DATA

    PROBLEM DESCRIPTION:
    The AIX stack from the secd core dump:
    moveeq.memcpy() at 0x100014f8
    lm_consolidate_data(??, ??, ??) at 0x10159788
    lm_get_login_info(??, ??, ??, ??) at 0x1015a4bc
    build_princ_entry(??, ??, ??, ??, ??, ??, ??, ??) at 0x101584c8
    krb5_db_get_principal(??, ??, ??, ??, ??, ??) at 0x10158bec
    process_tgs_req(??, ??, ??, ??) at 0x10166b10
    dispatch(??, ??, ??, ??) at 0x101655d8
    process_packet(??, ??, ??) at 0x10188270
    listen_and_process2(??) at 0x10187844
    kdc_run(??, ??) at 0x101865b0
    start_kerberos_task(??) at 0x100ac818
    pthread._pthread_body(??) at 0xd0117230

    PROBLEM SUMMARY:
    secd many core dump with the following stack
    moveeq.memcpy() at 0x100014f8
    lm_consolidate_data(??, ??, ??) at 0x10159788
    lm_get_login_info(??, ??, ??, ??) at 0x1015a4bc
    build_princ_entry(??, ??, ??, ??, ??, ??, ??, ??) at
                      0x101584c8
    krb5_db_get_principal(??, ??, ??, ??, ??, ??) at 0x10158bec
    process_tgs_req(??, ??, ??, ??) at 0x10166b10
    dispatch(??, ??, ??, ??) at 0x101655d8
    process_packet(??, ??, ??) at 0x10188270
    listen_and_process2(??) at 0x10187844
    kdc_run(??, ??) at 0x101865b0
    start_kerberos_task(??) at 0x100ac818
    pthread._pthread_body(??) at 0xd0117230

    PROBLEM CONCLUSION:
    Defect 69280 already solved this for Solaris.
    Simply change the ifdef from "Solaris" to "IBM_DCE"

    ------

    APAR: IY29885 COMPID: 5639I3500 REL: 310
    ABSTRACT: RUNNING START.DFS WITHOUT RUNNING START.DCE CAN FAIL WITH CDS

    PROBLEM DESCRIPTION:
    Running start.dfs without first running start.dce on a DCE
    client that is not on the same subnet as a CDS server will
    result in CDS client failing to find a cds server". It will
    timeout waiting to find the cds server.

    LOCAL FIX:
    run start.dce before start.dfs

    PROBLEM SUMMARY:
    Running start.dfs without first running start.dce on a DCE
     client that is not on the same subnet as a CDS server will
     result in CDS client failing to find a cds server". It will
     timeout waiting to find the cds server.

    PROBLEM CONCLUSION:
    Made necessary changes to code

    ------

    APAR: IY29892 COMPID: 5639I3500 REL: 310
    ABSTRACT: SMIT/SMITTY ADMIN CFG - RUNS LOCAL DFS_CL CFG

    PROBLEM DESCRIPTION:
    An admin config done from SMIT/SMITTY invokes config.dfs
    which ends up configuring a DFS Client on the local
    machine.

    PROBLEM CONCLUSION:
    Made necessary changes in code.

    ------

    APAR: IY29894 COMPID: 5639I3500 REL: 310
    ABSTRACT: CORE IN SEC_RGY_LOGIN_ACTIVITY_UPDATE ON SOLARIS

    PROBLEM DESCRIPTION:
    secd will core when passing a null parameter to
    sec_rgy_login_activity_lookup. If a pointer to a
    NULL is passed, the core dump will not occur.

    PROBLEM SUMMARY:
    ll core when passing a null parameter to
    sec_rgy_login_activity_lookup. If a pointer to a
    NULL is passed, the core dump will not occur.

    PROBLEM CONCLUSION:
    Made necessary changes.

    ------

    APAR: IY29939 COMPID: 5639I3500 REL: 310
    ABSTRACT: LDAP: MEMORY CORRUPTION LOGGING OUT IN DCECP

    PROBLEM DESCRIPTION:
    Actually, I don't think this is an LDAP issue.
    Performing these simple steps causes a memory overrun:
    dcecp> login cell_admin -p -dce-
    dcecp> logout
    Overrun in delete_login_context().

    PROBLEM SUMMARY:
    Performing these simple steps causes a memory overrun:
    dcecp> login cell_admin -p -dce-
    dcecp> logout

    PROBLEM CONCLUSION:
    Freed memory has been accessed made necessary changes
    in code.

    ------

    APAR: IY29940 COMPID: 5639I3500 REL: 310
    ABSTRACT: SVT: RMXCRED FAILING DUE TO CRED CACHE VERSION NUMBER

    PROBLEM DESCRIPTION:
    rmxcred occasionally fails with message "Unsupported
    credentials cache format version number (dce / krb) while
    setting cache flags (ticket cache <cache listed here>)
    Illegal instruction".

    PROBLEM CONCLUSION:
    Made necessary changes in code.

    ------

    APAR: IY29941 COMPID: 5639I3500 REL: 310
    ABSTRACT: ADD /OPT/DCELOCAL/ETC/CDSCACHE.SHMID TO CLEAN_UP.DCE

    PROBLEM DESCRIPTION:
    The CDS client may fail to restart.

    PROBLEM SUMMARY:
    DS client may fail to restart.

    PROBLEM CONCLUSION:
    Made necessary code change.

    ------

    APAR: IY29982 COMPID: 5639I3700 REL: 310
    ABSTRACT: DCED IS REFERRING TO OBSOLETE UTMP FILE ON SOLARIS 8

    PROBLEM DESCRIPTION:
    In Solaris 8 the /var/adm/utmp file no longer exists (it has
    been replaced by /var/adm/utmpx file). Due to this change, dced
    is unable to delete the old cred files during start of DCE. As
    a result of this, stale cred files may accumulate and at some
    point (especially during start of DCE after a system crash)
    dce_login may fail with the following error: Unable to set
    context: status 0x00000011 (???/ aaa)

    LOCAL FIX:
    Do stop.dce all;clean_up.dce

    PROBLEM SUMMARY:
    dced is referring to obsolete utmp file.

    PROBLEM CONCLUSION:
    Gave correct path to utmpx file instead of utmp file.

    ------

    APAR: IY29983 COMPID: 5639I3500 REL: 310
    ABSTRACT: CDSCLERK HANGS WHILE GOING DOWN

    PROBLEM DESCRIPTION:
    Cdsclerk creates child threads for processing incoming
    requests and increments a counter to keep track of number
    threads that are being created. The cdsclerk will godown after
    a 20 min of inactivity. During this process cdsclerk waits for
    each of its child threads to complete their work. After
    completion of its work, each child thread should decrement the
    above mentioned counter. In an error path, there is a
    possibility for a child thread to miss decrementing this
    counter.Thus cdsclerk keeps waiting for it resulting in a hang
    situation.

    LOCAL FIX:
    cdsclerk hangs.
    Commands(like cdsli) will fail with "Error with socket"

    PROBLEM SUMMARY:
    cdsclerk was hanging while going down after 20 min
    of inactivity.

    PROBLEM CONCLUSION:
    Decremented one 'counter' variable properly and broad
    cated accordingly.

    TEMPORARY FIX:
    kill <cds_clerk_PID>.

    ------

    APAR: IY29994 COMPID: 5765E5100 REL: 601
    ABSTRACT: CSAIX - NEGATIVE RESPONSE TO STSN DOES NOT WORK OVER LUA RUI

    PROBLEM DESCRIPTION:
    Communications Server for AIX, Version 6
    Using LUA API, sending a negative response to a STSN request
    does not work. The RUI_WRITE appears to complete successfully
    and returns error code 0 = SUCCESS. CS/AIX encounters an
    internal error, disconnects the TP process from the session, and
    issues a NOTIFY (SLU disabled) to terminate the session.
    Subsequent LUA API verbs fail with return code SESSION_FAILURE.

    PROBLEM SUMMARY:
      USERS AFFECTED: All
      PROBLEM DESCRIPTION:
      Using LUA API, sending a negative response to a STSN
      request does not work. The RUI_WRITE appears to complete
      successfully and returns error code 0 = SUCCESS. CS/AIX
      encounters an internal error, disconnects the TP process
      from the session, and issues a NOTIFY (SLU disabled) to
      terminate the session. Subsequent LUA API verbs fail with
      return code SESSION_FAILURE.
      PROBLEM SUMMARY:
      When the problem occurs as described above, the
      /var/sna/sna.err log records:
      ---------- 10:10:12 EDT 08 Apr 2002 -----------------------
      APPN Message 512 - 456, Subcode: 0 - 10
      Log category: EXCEPTION Cause Type: API / Internal
      System: xxxx
      Application sent invalid Acknowledgment or Status message.
      Error code = 0x00530000
      LFSID = 01010000
      Cause: An LU type 0, 1, 2, or 3 application sent an invalid
      Acknowledgement or Status message. An error will be
      returned to the application.
      Action: If this message relates to an LUA application, the
      application should act on the error message it receives. If
      it relates to the 3270 emulation program or RJE, and causes
      problems with these programs, contact support services.
      ---------- 10:10:12 EDT 08 Apr 2002 -----------------------
      LOG Message 4096 - 19, Subcode: 0 - 10
      Log category: EXCEPTION Cause Type: Internal
      System: xxxx
      ASSERT:
      File name = ../../p/vappn/nruutils.c
      Line number = 579
      Expression = FALSE
      Stack:
      nru_map_error+5A0(32D37B90,20002,7077D86C,0)
      nru_lu_msg_received+10F4(32D37B90,7077D86C,32D39E9C,80048A58)
      nru_queue_handler+120(7077D86C,20002,32D39E9C,0)
      nba_dispatch_input+290(32F4EA18,32D39E9C,0,7FFFFF)
      nba_dispatch_process+C8(32F4EA18,32D39E9C,2FF3B080,0)
      nba_scheduler+200(298C0,2400010,2FF3B0F0,DEADBEEF)
      vpr_stream_uw_drive_sched+2C(708A0A90,707ABB80,10001,2FF3B390)
      vpr_stream_uw_put+9C(708A0A90,707ABB80,2FF3B1D0,2FF3B390)
      csq_run+23C

    PROBLEM CONCLUSION:
    RUI application tries to send -RSP STSN. This is not sent and
    the session fails. The two error logs entries specified above
    are produced. The code has been corrected to send the -RSP STSN.

    ------

    APAR: IY30344 COMPID: 5765D5100 REL: 340
    ABSTRACT: PSSP SUPPORT FOR P690/P670 USING THE SP SWITCH2 IN A

    PROBLEM DESCRIPTION:
    PSSP support for p609/p670 using the sp switch 2 in a two-plane
    environment

    PROBLEM SUMMARY:
    pssp support for p690/p670 using the sp switch2
    in a two-plane environment

    PROBLEM CONCLUSION:
    pssp support for p690/p670 using the sp swit
    ch2 in a two-plane environment

    ------

    APAR: IY30581 COMPID: 5639I3700 REL: 310
    ABSTRACT: UNINITILAIZED MEM READ IN RPC_EP_REGISTER

    PROBLEM DESCRIPTION:
    UMR, see defect for stack.

    PROBLEM SUMMARY:
    Purify: UMR through rpc_ep_register() seen by customers

    PROBLEM CONCLUSION:
    Changed relevant code

    TEMPORARY FIX:
    Add UMR to Purify's supression list.

    ------

    APAR: IY30584 COMPID: 5639I3700 REL: 310
    ABSTRACT: TRAILING SPACES IN SVC DESIGNATIONS CAUSE ODD FILES

    PROBLEM DESCRIPTION:
    Since we don't check for trailing spaces at EOL in the
    routing file (we simply do an fgets() and replace the 'n'
    character with a '0') the possibility exists that a space
    character will become part of the output file name.

    PROBLEM SUMMARY:
    trailing spaces in svc designations cause odd files

    PROBLEM CONCLUSION:
    Change relevant code

    TEMPORARY FIX:
    Remove any trailing spaces from serviceability specs.

    ------

    APAR: IY30627 COMPID: 5639I3500 REL: 310
    ABSTRACT: DCED NOT HONOURING RPC_UNSUPPORTED_NETADDRS

    PROBLEM DESCRIPTION:
    customers will see some wrong bindings when
    RPC_UNSUPPORTED_NETADDRS is set. You may find some
    bindings exported by dced & other processes started by
    dced containing the excluded IP addrs (set by the env
    variable)

    PROBLEM CONCLUSION:
    comment out/delete the code where we unset the
    RPC_UNSUPPORTED_NETADDRS env variable in the dced code.

    TEMPORARY FIX:
    use RPC_UNSUPPORTED_NETIF instead of
    RPC_UNSUPPORTED_NETADDRS

    ------

    APAR: IY30628 COMPID: 5639I3700 REL: 310
    ABSTRACT: CRASH IN DFSCORE.EXT:RPC__KEY_INFO_REFERENCE()

    PROBLEM DESCRIPTION:
    System Crash, the crash will be due to zeroed out key_info
    struct which result in key_info->refcnt being zero.

    PROBLEM SUMMARY:
    System Crashes due to key_info struct being zeroed
    out which results in refcount being zero, the crash
    dump doesn't provide information to pinpoint the
    origin of the problem, hence these debug messages
    which will log into fatal.log and induce a dump.
    This is an extremely rare problem.

    PROBLEM CONCLUSION:
    The messages along with the crash dump should give us
    something to go by.

    ------

    APAR: IY30680 COMPID: 5639I3500 REL: 310
    ABSTRACT: GDAD CORE DUE TO GARBAGE IN UNINITIALIZED VAR IN BIND_PROCESS

    PROBLEM DESCRIPTION:
    When viewing foreign cell information via dcecp, the command
    will fail, the following message will be displayed:
    Error: msgID=0x16C9A036 Connection closed
    and gdad will core dump with the following stack:
    build_progress(??, ??, ??, ??, ??) at 0x10012e78
    get_rpc_answer(??, ??, ??, ??) at 0x10012480
    cds_ReadAttribute(??, ??, ??, ??, ??, ??, ??, ??)
    op21_ssr(0x200e4d50, 0x200e5010, 0x201828b8, 0x201828b0,
    rpc__dg_execute_call(??, ??) at 0xd08703e0
    cthread_call_executor(??) at 0xd07081c8
    pthread._pthread_body(??) at 0xd0117230
    (The stack is slightly different if serviceabiility is
    turned on at the time.)

    PROBLEM CONCLUSION:
    Within bind_process (called before we get to
    build_progress) there is a "for" loop wherein the variable
    curr_memslot is initialized and then manipulated. Right
    after this loop, curr_memslot is tested to be >0 (this was
    part of defect 67064). The problem arises when we never
    enter the for loop, and thus curr_memslot is never
    initialized and can thus contain garbage, which then gets
    entered into el->num_replicas, and based on that value we
    access the NULL el-replicas_q. Defect 67064's use of the
    curr_memslot var highlighted the fact that curr_memslot was
    never initialized when the for loop was bypassed. The fix
    is to simply initialize both curr_memslot and num_memslots
    to 0 when they are delcared.

    ------

    APAR: IY30691 COMPID: 5639I3500 REL: 310
    ABSTRACT: CORE IN RPC__NAF_DESC_INQ_PEER_ADDR

    PROBLEM DESCRIPTION:
    DCE daemons such as cdsd or secd can core dump with a stack
    similar to the following:
    (dbx) t
    rpc__naf_desc_inq_peer_addr()
    rpc__cn_network_select_dispatch(0x5, 0x300ec370, 0x1,
                                     0x302da8d8)
    lthread_loop()
    lthread(0xf029ebc0)
    pthread._pthread_body(??) at 0xd0102358

    PROBLEM CONCLUSION:
    Currently within rpc__naf_desc_inq_peer_addr, return status
    var is only checked for a value of rpc_s_no_memory after
    each func call, which misses other error status
    possibilities, thus allowing calls to be made with input
    params which have not been properly set up. Change the
    checks on this status var for *any* error condition, not
    just rpc_s_no_memory.

    ------

    APAR: IY30851 COMPID: 5639I3700 REL: 310
    ABSTRACT: PRINC/CELL ENTRY NOT CACHED IN *.NC FILE IN SOME CASES

    PROBLEM DESCRIPTION:
    princ/cell entry is not cached in user's *.nc file when the
    caller of sec_id_gen_name() provides NULL for both princ/cell
    name. This results into too many secidmap calls to security
    server thus increasing the load on security server.

    PROBLEM CONCLUSION:
    Change in source code to enable nc cachinng in this case also.

    ------

    APAR: IY30875 COMPID: 5639I3500 REL: 310
    ABSTRACT: TCLPARSEWORDS() CORE DUMPS ON INVALID CODE POINTS

    PROBLEM DESCRIPTION:
    Core dump after specifying a name with multibyte characters.

    PROBLEM CONCLUSION:
    Cast mismatched variable types to the correct types.

    ------

    APAR: IY30897 COMPID: 5639I3400 REL: 310
    ABSTRACT: DFSBIND SEGVS IN KRB5_FCC_READ DUE TO LOST MUTEX

    PROBLEM DESCRIPTION:
    Some DCE/DFS binaries (at least dtsd and dfsbind) have been
    throwing cores, always in krb5_fcc_read and only (so far) on
    Sol8. As a result of some deep-level analysis the following
    information was found. (Thanks to Bill Dodd for helping!).
    Field id->data->flags should always have KRB5_TC_OPENCLOSE
    flag set. It's set during a krb5_fcc_resolve() and then never
    change it. So MAYBE_OPEN() should always call
    krb5_fcc_open_file(). krb5_fcc_open_file() should always lock
    the mutex and leave it locked unless there was an error.
    Likewise, MAYBE_CLOSE and MAYBE_CLOSE_IGNORE should always
    call krb5_fcc_close_file() which should always unlock the
    mutex.
    So, one possibility is that the pthread_mutex_lock() is
    failing (not likely). Another is that there is an extra
    pthread_mutex_unlock() call being made somewhere. Let's
    explore that possibility.
    The only pthread_mutex_unlock calls in the ccache code are
    called from krb5_fcc_close_file() and the error paths of
    krb5_fcc_open_file(). krb5_fcc_close_file() is only called
    from MAYBE_CLOSE, krb5_fcc_close, and krb5_fcc_set_flags.
    The last 2 funcs probably aren't called in the code paths
    seen in the dfsbind cores. The next step is to look at the
    calls to MAYBE_OPEN()/MAYBE_CLOSE*() to see if they were
    properly matched (in pairs).
    Bingo. There's a "rogue" call to MAYBE_CLOSE_IGNORE() at
    about line 271 of fcc_store.c:
      /* Make sure it's closed; if start_seq_get failed it may
       * be open.*/
      MAYBE_CLOSE_IGNORE(id);
    This would cause just the type of problem that is being seen
    in this core. If another thread had just locked the mutex,
    this call would unlock it. Then this thread, just a few
    lines later does this:
         MAYBE_OPEN(id, FCC_OPEN_RDWR, ret);
    Since we just unlocked the mutex, we can now successfully
    lock it, even though another thread thinks they have it
    locked. This is exactly the code path that thread t12 is
    in. So I have pretty high confidence that this is the
    culprit.

    PROBLEM SUMMARY:
    In some cases multiple threads may wish to open the same
    ccache file for principal-read or write operations. In this
    case we are supposed to place a mutex on the file to prevent
    simultaneous access; also the id and dp strucures are to
    be locked to prevent them from being pulled out from under
    another thread. However, a 'rogue' mutex unlock was put
    into fcc_store.c (line 271) which indiscriminately unlocks
    the file, leaving the possibility open for cross-thread
    'confusion.' This was manifesst in the dp->bufp struct
    member apparently being free'd by one thread while another
    was still using it. This caused cores in both dfsbind and
    dtsd.

    PROBLEM CONCLUSION:
    Removed call to MAYBE_CLOSE_IGNORE(id) at line 271.
    # CHANGED_FILES - Files changed in all releases
    #----------------------------------------------
    src/security/krb5/lib/ccache/file/fcc_store.c
    # EFFECTS - Effects of changes to release "dce310"
    #-------------------------------------------------
    src/security/krb5/lib/ccache/file/fcc_store.c
        ship/power/usr/lpp/dce/bin/kdestroy dce.client.rte.security
        ship/power/usr/lpp/dce/bin/kinit dce.client.rte.security
        ship/power/usr/lpp/dce/bin/rmxcred dce.client.rte.security
        ship/power/usr/lpp/dce/bin/secd dce.security.rte
        ship/power/usr/lpp/dce/bin/klist dce.client.rte.security
        ship/power/usr/lpp/dce/bin/sec_create_db dce.security.rte
        ship/power/usr/lpp/dce/bin/dced dce.client.rte.admin
        ship/power/usr/lib/inst_updt/libdce.a/shr.o dce.client.rte
    # EFFECTS - Effects of changes to release "dce320"
    #-------------------------------------------------
    src/security/krb5/lib/ccache/file/fcc_store.c
        ship/power/usr/lpp/dce/bin/kdestroy dce.client.rte.security
        ship/power/usr/lpp/dce/bin/kinit dce.client.rte.security
        ship/power/usr/lpp/dce/bin/rmxcred dce.client.rte.security
        ship/power/usr/lpp/dce/bin/dcecp dce.client.rte.admin
        ship/power/usr/lpp/dce/bin/secd dce.security.rte
        ship/power/usr/lpp/dce/bin/klist dce.client.rte.security
        ship/power/usr/lpp/dce/bin/sec_create_db dce.security.rte
        ship/power/usr/lpp/dce/bin/dced dce.client.rte.admin
        ship/power/usr/lib/inst_updt/libdce.a/shr.o dce.client.rte

    ------

    APAR: IY31003 COMPID: 5639I3700 REL: 310
    ABSTRACT: NEW ENV VARIABLE USE_NAMECACHE TO CONTROL CACHE USAGE

    PROBLEM DESCRIPTION:
    bosserver puts stale UUID of unconfigured dfs-server when
    reconfig of dfs-server is done.

    PROBLEM SUMMARY:
    bosserver puts stale UUID of unconfigured dfs-server when
     reconfig of dfs-server is done

    PROBLEM CONCLUSION:
    The problem in DFS was seen because nc file was returning a
    stale UUID of dfs-server which was already unconfigured.

    ------

    APAR: IY31039 COMPID: 5765D5100 REL: 311
    ABSTRACT: BAD DMA WRITE FOR KLAPI 0-COPY MSG

    PROBLEM DESCRIPTION:
    This problem is caused by cleaning up a hal dma handle while the
    there is still a post of the message possible.

    PROBLEM SUMMARY:
    There is a time hole where a DMA buffer may
    remain posted after a message is marked as complete to the user.
    This leaves the possibility of data corruption or, in the case
    of a regatta, a system check stop.

    PROBLEM CONCLUSION:
    All outstanding DMA bugers are cancelled
    before a buffer is marked as complete to the user.

    ------

    APAR: IY31310 COMPID: 5765E5400 REL: 440
    ABSTRACT: HAES: ERROR INFORMATION NOT LOGGED TO SHUTDOWN_RSCT.OUT FILE

    PROBLEM DESCRIPTION:
    When the customer was stopping the cluster, some error evidently
    occurred within the shutdown_rsct routine of clstop script,
    causing it not to wait for clstrmgr inoperative before stopping
    the rsct daemons and resulting in a halt of the system. The
    /tmp/shutdown_rsct.out file did not contain any information
    about the error.

    PROBLEM SUMMARY:
    When the customer was stopping the cluster, some error
    evidently occurred within the shutdown_rsct routine of clstop
    script, causing it not to wait for clstrmgr inoperative before
    stopping the rsct daemons and resulting in a halt of the
    system. The /tmp/shutdown_rst.out file did not contain any
    information about the error.

    PROBLEM CONCLUSION:
    The exec commands in the shutdown_rsct routine of clstop
    were coded incorrectly for redirection of output to the
    logfile. The exec commands were removed and replaced by
    redirection of both standard out and standard error to the
    logfile on the call to the routine.

    ------

    APAR: IY31326 COMPID: 5765E5400 REL: 440
    ABSTRACT: SYNTAX ERROR IN GET_DISK_VG_FS

    PROBLEM DESCRIPTION:
    I found the syntax error while investigating another problem.
    A block of code should only be executed if VOLUME_GROUPS is
    not null. Instead it is always executed.

    PROBLEM SUMMARY:
    Corrected syntax error in script that
    tested whether volume groups needed to
    be reacquired.

    PROBLEM CONCLUSION:
    Corrected syntax error in script that
    tested whether volume groups needed to
    be reacquired.

    ------

    APAR: IY31331 COMPID: 5765D9300 REL: 320
    ABSTRACT: MPI_FILE_WRITE_AT() ERROR WITH IBM_LARGE_BLOCK_IO SET TO TRUE.

    PROBLEM DESCRIPTION:
    The error:
    > ERROR: 0032-114 MPI internal error: < mpi_io.c : 5093 : 15 >
    > MPI_File_write_at, task 1
    > ERROR: 0032-114 MPI internal error: < mpi_io.c : 5093 : 10 >
    > MPI_File_write_at, task 2
      is seen in a test case supplied by LLNL when IBM_Large_block_
    IO is set to true. The application then fails.

    PROBLEM SUMMARY:
    MPI-IO uses an indirect array _mpi_resp_ids to associate
    task ids with I/O responder ids. The array of file
    desctiptors cached in MPI file object is indexed by
    responder ids, rather than task ids. The internal error is
    caused by using task id as the index of the file descriptor
    array directly.

    PROBLEM CONCLUSION:
    A task_id to responder_id translation is added before using
    the array of file descriptors.

    ------

    APAR: IY31374 COMPID: 5765D5100 REL: 311
    ABSTRACT: S1TERM PROCESSING ENHANCEMENTS

    PROBLEM DESCRIPTION:
    s1term processing enhancements

    PROBLEM SUMMARY:
    Enhancements were required to s1term processing used by
    a node to obtain a srvtab and the supman password.

    PROBLEM CONCLUSION:
    Enhancements were made to s1term processing used by
    a node to obtain a srvtab and the supman password.
    The effected scripts were kfserver and pssfb_script
    for srvtab processing and srvsuppwd and getsuppwd
    for the processing of the supman password.

    ------

    APAR: IY31483 COMPID: 5765E5400 REL: 440
    ABSTRACT: HAES:AUTO ERROR NOTIFICATION FAILS WITH FASTT500 DISK ARRAY

    PROBLEM DESCRIPTION:
    Automatic Error Notification methods cannot be added to clstr
    attached to FAStT500 disk array. Cluster is not running,
    nothing appears in any logs including AIX errlog and /.rhosts
    file is properly configured on all cluster nodes w/file
    permission of 644.
    SMIT output shows:
    n1: Operation failed.
    dsh: 5025-509 n1 rsh had exit code 1
    n2: Operation failed.
    Only workaround would be to avoid AEN.

    PROBLEM CONCLUSION:
    Add AEN support for FAStT500 disk array.
    For this disk array, must use the hdisk's location to find
    the adapter driver. The parent of the driver is the adapter.
    This is handled differently for all other supported disks.

    ------

    APAR: IY31485 COMPID: 5765E5400 REL: 440
    ABSTRACT: HAS/HAES:CLSTAT -R NEEDS TO REACT CORRECTLY

    PROBLEM DESCRIPTION:
    When using the -r with the clstat command the value specifed
    does not change the operation of clstat.

    PROBLEM CONCLUSION:
    The clstat command is modified to properly use the value
    specified by the -r flag.

    ------

    APAR: IY31489 COMPID: 5765E5400 REL: 440
    ABSTRACT: HAES:ADD SUPPORT FOR FASTT500

    PROBLEM DESCRIPTION:
    HACMP does not do disk takeover on the FAStT500.

    PROBLEM CONCLUSION:
    Modify HACMP to detect the FAStT500, and perform special
    processing to break reserves.

    ------

    APAR: IY31520 COMPID: 5765D5100 REL: 340
    ABSTRACT: SPCW_DEFER_NTP SHOULD CALL /USR/SBIN/NTPDATE, NOT $SSP_BIN/NTPDA

    PROBLEM DESCRIPTION:
    The PSSP Version of xntpd is no longer used in PSSP 3.2. PSSP
    systems, 3.2 and higher, must use the AIX version of ntpdate,
    which is /usr/sbin/ntpdate.
    The script /usr/sbin/hacws/spcw_defer_ntp uses $SSP_BIN/ntpdate,
    which is incorrect. See line 101. Result is that xntpd does
    not start.

    LOCAL FIX:
    As a workaround, customer can use a symbolic link:
        ln -s /usr/sbin/ntpdate /usr/lpp/ssp/bin/ntpdate
    OR, edit line 101 in /usr/sbin/hacws/spcw_defer_ntp
    an replace $SSP_BIN/ntpdate with /usr/sbin/ntpdate.

    PROBLEM SUMMARY:
    Effective with PSSP 3.2, ntp is no longer shipped with PSSP.
    The AIX version of ntp should be used. spcw_defer_ntp
    is calling /usr/lpp/ssp/bin/ntpdate when it should be
    calling /usr/sbin/ntpdate.

    PROBLEM CONCLUSION:
    spcw_defer_ntp has been modified to call /usr/sbin/ntpdate
    instead of /usr/lpp/ssp/bin/ntpdate.

    ------

    APAR: IY31591 COMPID: 5639I3400 REL: 310
    ABSTRACT: /OPT/DCE/PDG PERMISSIONS INCORRECT

    PROBLEM DESCRIPTION:
    The pdgquery command will fail when called by a non-root
    user because it can not read the files in
    /opt/dcelocal/pdg.

    LOCAL FIX:
    Change the permissions manually.

    PROBLEM SUMMARY:
    Change the permissions on the files in /opt/dcelocal/pdg
    to be 755. (Do this in a way that can be done from a PTF.)

    PROBLEM CONCLUSION:
    Change the permissions on the files in /opt/dcelocal/pdg
    to be 755. (Do this in a way that can be done from a PTF.)

    ------

    APAR: IY31626 COMPID: 5765E5400 REL: 440
    ABSTRACT: HACMP,HAES: ERRONEOUS CLVERIFY TEST ON /.RHOSTS

    PROBLEM DESCRIPTION:
    clverify states that /.rhosts should have permissions of 644

    PROBLEM CONCLUSION:
    Check for permissions of 600, and call for that in the message

    ------

    APAR: IY31627 COMPID: 5765E5400 REL: 440
    ABSTRACT: HACMP,HAES: ALLOW LATEST ESS MODELS IN RAID CONCURRENT MODE

    PROBLEM DESCRIPTION:
    Cannot use the latest ESS models in RAID concurrent mode.

    PROBLEM CONCLUSION:
    Add these models to the conraid.dat table

    ------

    APAR: IY31658 COMPID: 5765D5100 REL: 340
    ABSTRACT: SDRCHANGEATTRVALUES KFSERVER_TIMEOUT FAILS ON REJECT

    PROBLEM DESCRIPTION:
    sdrchangeattrvalues kfserver_timeout fails on reject

    PROBLEM SUMMARY:
    Enhancements were required to packaging files for ssp.basic
    for the setting of the kfserver_timeout attribute in the
    SP class.

    PROBLEM CONCLUSION:
    Enhancements were made to packaging files for ssp.basic
    for the setting of the kfserver_timeout attribute in the
    SP class.

    ------

    APAR: IY31685 COMPID: 5765E5400 REL: 440
    ABSTRACT: HAES: CLSTAT DISPLAYS INCOMPLETE INFORMATION

    PROBLEM DESCRIPTION:
    Sometimes clstat will not display a interface or cluster
    sub state.

    PROBLEM CONCLUSION:
    Change header size because cluster name, number and date will
    not fit on one line if cluster name >20. Make lines requried
    for each node display correct.

    ------

    APAR: IY31686 COMPID: 5765E5400 REL: 440
    ABSTRACT: CONVERT SNAPSHOT ODM BROKEN (HAES441)

    PROBLEM DESCRIPTION:
    The clresmgrd.log was removed from the HAES product
    as of 4.4.1. It was originally added in 4.3.1.
    IY28763 modified HAES431toHAES44 to remove the
    clresmgrd.log ODM entry from HACMPlogs. But the
    conversion script HAES440toHAES441 must also be
    modified.

    LOCAL FIX:
    It may be possible in some cases to manually
    delete the clresmgrd.log stanza from the snapshot
    file or from ODM with odmdelete. But that is
    a bit tricky and not recommended.

    ------

    APAR: IY31687 COMPID: 5765E5400 REL: 440
    ABSTRACT: HACMP/HAES: TASKGUIDE FAILS TO START

    PROBLEM DESCRIPTION:
    The HAMCP Taskguides do not run due to the CLASSPATH not
    being set properly.

    PROBLEM CONCLUSION:
    Add /usr/lib/java/taskguide to the CLASSPATH.

    ------

    APAR: IY31769 COMPID: 5765D5100 REL: 311
    ABSTRACT: SDRCHANGEATTRVALUES KFSERVER_TIMEOUT FAILS ON REJECT

    PROBLEM DESCRIPTION:
    sdrchangeattrvalues kfserver_timeout fails on reject

    PROBLEM SUMMARY:
    Enhancements were required to packaging files for ssp.basic
    for the setting of the kfserver_timeout attribute in the
    SP class.

    PROBLEM CONCLUSION:
    Enhancements were made to packaging files for ssp.basic
    for the setting of the kfserver_timeout attribute in the
    SP class.

    ------

    APAR: IY31884 COMPID: 5765D5100 REL: 340
    ABSTRACT: DATA CORRUPTION IN HEAP USING KLAPI

    PROBLEM DESCRIPTION:
    Users of KLAPI/VSD's can experience data corruption in the heap.
    This corruption in kernel/system memory can lead to a node crash

    PROBLEM SUMMARY:
    KLAPI was erroneously writing a packets worth of data into
    the bottom of kernel segment 3 while it was waiting for
    a completion notification posted addresses on the adapter
    have been canceled.

    PROBLEM CONCLUSION:
    KLAPI will not copy the stray packet to invalid memory and
    avoid corrupting the kernel memory.

    TEMPORARY FIX:
    Do not use KLAPI/VSD.

    ------

    APAR: IY32006 COMPID: 5724C3505 REL: 310
    ABSTRACT: INTERMITTENT ERROR 17038 ON FXS/LOOP START PROTOCOL

    PROBLEM DESCRIPTION:
    INTERMITTENT ERROR 17038 ON FXS/LOOP START PROTOCOL caused
    by a very short ring which immediately goes to idle again.

    PROBLEM SUMMARY:
    INTERMITTENT ERROR 17038 ON FXS/LOOP START
    PROTOCOL

    PROBLEM CONCLUSION:
    Corrected reset to idle startus routines

    ------

    APAR: IY32026 COMPID: 5765D5100 REL: 340
    ABSTRACT: SUPMAN PASSWORD NOT UPDATED ON REINSTALL AFTER REJECT

    PROBLEM DESCRIPTION:
    supman password not updated on reinstall after reject

    PROBLEM SUMMARY:
    After rejecting a PTF it is possible that the supman
    password on a node will not be updated correctly, resulting
    in errors from invocations of supper.

    PROBLEM CONCLUSION:
    Modified a packaging file so that rejecting a PTF will
    not effect invocations of supper.

    ------

    APAR: IY32050 COMPID: 5724C3505 REL: 310
    ABSTRACT: SOMETIMES PLAYING MESSAGES GIVES TECHNICAL DIFFICULTIES

    PROBLEM DESCRIPTION:
    Sometimes playing messages using the State Table action
    PlayVoiceMessage causes 'technical difficulties' to be played
    and the application to be aborted due to a corrupt voice
    message.

    PROBLEM SUMMARY:
    CANNOT ASSIGN VALUE TO SYSTEM VARIABLE IN
    PROMPT CREATION

    PROBLEM CONCLUSION:
    By setting the sizes of the structures in
    CL_Variables_SystemCopy correctly

    ------

    APAR: IY32091 COMPID: 5765D5100 REL: 340
    ABSTRACT: ESTART FAILED ON AN SP SWITCH2 SYSTEM WITH WRAPPED SWITCH PORTS

    PROBLEM DESCRIPTION:
    estart failed on an sp switch2 system with swapped switch por

    PROBLEM SUMMARY:
    ***********************************************************
    * USERS AFFECTED: *
    * Only users with an SP Switch2 system are affected by *
    * this problem. *
    * *
    ***********************************************************
    * PROBLEM DESCRIPTION: *
    * Estart may fail if unused switch or node ports have *
    * wrap plugs. The following message will be written to *
    * the /var/adm/SPlogs/css{0|1}/p0/flt file on the switch *
    * primary node: *
    * CSswitchInit: 2510-712 generate_service_routes() *
    * failed with rc=103 *
    * *
    * In the /var/adm/SPlogs/css{0|1}/p0/out.top file on the *
    * primary node, the primary's link has the comment: *
    * "L: initialized (port is wrapped)" *
    * *
    * *
    ***********************************************************
    * RECOMMENDATION: *
    * An E-fix may be obtained from the Poughkeepsie SP *
    * Service organization. *
    ***********************************************************

    ------

    APAR: IY32101 COMPID: 5765E5100 REL: 601
    ABSTRACT: CUMULATIVE APAR FOR 6.0.1.2 FOR CS/AIX

    PROBLEM DESCRIPTION:
    Cumulative APAR for 6.0.1.2 for CS/AIX.

    ------

    APAR: IY32358 COMPID: 5765B8100 REL: 220
    ABSTRACT: ADD NEW TRIGGER_EVENT TO CA_START_RECORD_CHANNEL

    PROBLEM DESCRIPTION:
    CA_Start_Record_Channel does not allow the trigger_event in the
    RECORD_CHANNEL_START_ST to specify trigger on Voice or DTMF.

    PROBLEM SUMMARY:
    CA_Start_Record_Channel does not allow the
    trigger_event in the RECORD_CHANNEL_START_ST to specify trigger
    on Voice or DTMF.

    PROBLEM CONCLUSION:
    By adding a new enum (06) in _
    RECORD_TRIGGER_ENUM in the file CA_header.h
    Also by adding code in the file ˝VAE/sw/libsrc/CA_dev.c to
    detect the application using this new enum and turning on
    two bits in the trigger mask which is passed to the DD.

    ------

    APAR: IY32402 COMPID: 5724C3505 REL: 310
    ABSTRACT: 3270 SESSIONS DO NOT ALWAYS RECOVER WHEN HOST GOES DOWN

    PROBLEM DESCRIPTION:
    Sometimes if the Host goes down then the 3270 Sessions do
    not always recover when the host comes back again.
    This is more likely to be seen if some of the sessions are
    on a host which stays up, but other sessions are on a host
    which goes down.

    PROBLEM SUMMARY:
    Sometimes if the Host goes down then the 3270 S
    Sessions do not always recover when the host comes back again.
    This is more likely to be seen if some of the sessions are on a
    host which stays up, but other sessions are on a host which
    goes down.

    PROBLEM CONCLUSION:
    If scripts are running when DT is shutdown t
    then both CTRL3270 and EXEC3270 tried to deactivate sessions
    using E32DACT and E32DACTA. This causes havoc with the TPS
    library can result in some of the sessions being broken in SNA
    when DT is restarted. The fix was to streamline the shutdown so
    that only E32DACT is used and only once.

    ------

    APAR: IY32509 COMPID: 5639I3700 REL: 310
    ABSTRACT: DCE310 MAINTENANCE PACKAGE FOR PTF SET 6

    PROBLEM DESCRIPTION:
    THIS APAR CREATED FOR MAINTENANCE PACKAGE OF PTF SET 6
    dce310 Maintenance Package for PTF SET 6

    PROBLEM SUMMARY:
    AIXDCE310 MAINTENANCE PACKAGE FOR PTF SET 6

    PROBLEM CONCLUSION:
    AIXDCE310 MAINTENANCE PACKAGE FOR PTF SET 6

    ------

    APAR: IY32550 COMPID: 5765D5100 REL: 311
    ABSTRACT: LATEST PSSP 3.1.1.FIXES AS OF JUNE 2002.

    PROBLEM DESCRIPTION:
    This is the latest PSSP ptf as of June 2002.
    Order this apar to get all of the ptfs as of June 2002.

    PROBLEM SUMMARY:
    This is the latest PSSP ptf as of June 2002.

    PROBLEM CONCLUSION:
    This is the latest PSSP ptf as of June
    2002.

    ------