November 21st, 2005, 03:35 PM
| | |  Validation of user logins
As a newbie to DB2 I have a strange problem on a zSeries linux box I
hope someone can answer.
I have created a linux user,
user=mytest
pw=mytest
who is the instance owner and has created a database called mydatabase
with our application schema.
When entering db2 I can enter ok via,
db2> connect to mydatabase
This allows me access to the db where I can load/view data in the
normal fashion. Trouble is we want to do this via an application which
requires us to enter (understandably) a username and password.
Everything I try I ends up with;
[IBM][CLI Driver] SQL30082N Attempt to establish connection failed
with security reason "24" ("USERNAME AND/OR PASSWORD INVALID").
SQLSTATE=08001
So I thought a typo had been made when entering the password when
creating the user. So I went back into db2 and tried;
db2>connect to mydatabase user mytest using mytest
and low and behold I get;
SQL30082N Attempt to establish connection failed with security reason
"24"
("USERNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001
Exactly the same error although the password is correct for the linux
user as it is how I logon to the machine.
The question is why can't I login to db2 using this password. Is there
a way to alter or view the password using the root acount ?
Is there a procedure for checking the authenticity/status of users
allowed to login to a given database ?
Any help much appreciated.
|
November 23rd, 2005, 04:06 AM
| | | Re: Validation of user logins
It is not a good practise to use instance owner for application usage.
You should:
1. Create a Linux User ID <user_id> with password
2. create schema <schema_name> authorization <user_id>
3. grant rights to user.....(of course incoming connection right)
|
November 23rd, 2005, 04:06 AM
| | | Re: Validation of user logins
> Trouble is we want to do this via an application which[color=blue]
> requires us to enter (understandably) a username and password.[/color]
Actually, it is not understandable why you would want to do this. It is much
more logical and a lot less annoying to allow the user to connect to the
database using his operating system logon, rather than requiring him to log
on yet again.
In any case, you must define your end user as a "local" user on the target
machine, and that user must be distinct from the instance owner. This is
regardless of your logon strategy.
"DB2-newbie" <trevork@talk21.com> wrote in message
news:1132586191.814794.92470@g14g2000cwa.googlegro ups.com...[color=blue]
> As a newbie to DB2 I have a strange problem on a zSeries linux box I
> hope someone can answer.
>
> I have created a linux user,
>
> user=mytest
> pw=mytest
>
> who is the instance owner and has created a database called mydatabase
> with our application schema.
>
> When entering db2 I can enter ok via,
>
> db2> connect to mydatabase
>
> This allows me access to the db where I can load/view data in the
> normal fashion. Trouble is we want to do this via an application which
> requires us to enter (understandably) a username and password.
> Everything I try I ends up with;
>
> [IBM][CLI Driver] SQL30082N Attempt to establish connection failed
> with security reason "24" ("USERNAME AND/OR PASSWORD INVALID").
> SQLSTATE=08001
>
> So I thought a typo had been made when entering the password when
> creating the user. So I went back into db2 and tried;
>
> db2>connect to mydatabase user mytest using mytest
>
> and low and behold I get;
>
> SQL30082N Attempt to establish connection failed with security reason
> "24"
> ("USERNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001
>
> Exactly the same error although the password is correct for the linux
> user as it is how I logon to the machine.
>
> The question is why can't I login to db2 using this password. Is there
> a way to alter or view the password using the root acount ?
>
> Is there a procedure for checking the authenticity/status of users
> allowed to login to a given database ?
>
> Any help much appreciated.
>[/color]
|
November 23rd, 2005, 04:06 AM
| | | Re: Validation of user logins
Less annoying but more secure !!!
Well as it happens, for this test the linux user + password are the
same as db user so it does not matter.
When we connect using,
db2> connect to mydatabase
It works as the linux user is the default, but there is no way of
achieving this in a C++ application which prompts for a user/password
combination. All I want to know is why
db2> connect to mydatabase user mytest using mytest
fails to login.
How can I determine what is wrong ?
|
November 23rd, 2005, 04:06 AM
| | | Re: Validation of user logins
3. grant rights to user.....(of course incoming connection right)
This could be what we are missing....how do we do this ?
|
November 23rd, 2005, 04:06 AM
| | | Re: Validation of user logins
Sorted....we had wrong password.
We did not discover this before as we had assumed the password=mytest.
To login we were using root user then,
su - mytest
Of course as we were root we never entered the password and made a
wrong assumption.
Thanks for the help.
|
November 25th, 2005, 10:05 AM
| | | Re: Validation of user logins
No, it is typically less secure to demand a password. You can control your
O/S logon with all sorts of two-factor authentication schemes (SmartCard,
SecurID); however you cannot do this with DB2 - except by telling DB2 to
rely on the O/S login (Kerberos).
"DB2-newbie" <trevork@talk21.com> wrote in message
news:1132656832.854620.116990@o13g2000cwo.googlegr oups.com...[color=blue]
> Less annoying but more secure !!!
>
> Well as it happens, for this test the linux user + password are the
> same as db user so it does not matter.
>
> When we connect using,
>
> db2> connect to mydatabase
>
> It works as the linux user is the default, but there is no way of
> achieving this in a C++ application which prompts for a user/password
> combination. All I want to know is why
>
> db2> connect to mydatabase user mytest using mytest
>
> fails to login.
>
> How can I determine what is wrong ?
>[/color]
|
November 25th, 2005, 10:05 AM
| | | Re: Validation of user logins
You really do have a very strange concept of security...
"DB2-newbie" <trevork@talk21.com> wrote in message
news:1132674012.268461.108440@g47g2000cwa.googlegr oups.com...[color=blue]
> Sorted....we had wrong password.
>
> We did not discover this before as we had assumed the password=mytest.
> To login we were using root user then,
>
> su - mytest
>
> Of course as we were root we never entered the password and made a
> wrong assumption.
>
> Thanks for the help.
>[/color]
|
November 25th, 2005, 07:05 PM
| | | Re: Validation of user logins
Mark Yudkin wrote:
[color=blue]
> No, it is typically less secure to demand a password. You can control your
> O/S logon with all sorts of two-factor authentication schemes (SmartCard,
> SecurID); however you cannot do this with DB2 - except by telling DB2 to
> rely on the O/S login (Kerberos).[/color]
You can write your own security plugin, and once you're there you can do
_anything_ you might want to do (and can implement).
--
Knut Stolze
DB2 Information Integration Development
IBM Germany
|
| Thread Tools | Search this Thread | | | |
Posting Rules
| You may not post new threads You may not post replies You may not post attachments You may not edit your posts
HTML code is Off | | |
| | | What is Bytes?
We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights.
Get the best answers to your questions from over 205,414 network members.
|
