Problem(Abstract)
The -952 error is generally a bad account/password combination. However when there is 100% confidence that the account/password combination is correct, a -952 error can still occur. This article explains one scenario and a possible solution for that problem.
Symptom
Assumptions:
- 100% confidence that the account/password combination is correct
- The OS is properly configured to authenticate Kerberos/AD user accounts
- The user account is a remote Kerberos/AD account
- AIX OS
A -952 error is reported in the server message log and possibly a -951 error to the client.
Cause
The remote AD server may not have a crypt hash password stored for the user account. If so it will return "*" for the crypt hash password value. This value does not match the crypt hash value of the passed-in password.
Resolving the problem
Take one of the following actions where applicable:
- Ensure the permissions of the oninit binary are rwsr-sr--, owner is root and group is informix
- Try running the instance as user root instead of user informix
- Use some other form of authentication such as PAM or SSO
Related information
Single Sign-On With IBM Informix
Setting up Kerberos/SSO in IDS using Windows AD
Configuring Informix Clients for Single Sign-On
Pluggable Authentication Module with Informix Dynamic S
-951 / -952 when using Loadable Password Algorithm (LPA
A possible solution for a -952 error when seen on AIX w
http://www-01.ibm.com/support/docview.wss?uid=swg21650838