pajama

SQL30082N Security processing failed with reason „15“ („PROCESSING FAILURE“)

when connecting to the db2 database using db2 CONNECT TO dbname USER username or

when connecting remotely (via JDBC driver) read on. I finally found what causes this error and a solution!

[ad]

Environment

• OS: Fedora Core 10 64bit
• DB2: version 9.5, Express edition
• See lower for the solution for Ubuntu

Problem

Tho whole problem is in the format of the passwords in/etc/shadow. DB2 doesn't seem to like the passwords generated when changing password using the standard passwd command. In Fedora Core 10 the password is hashed using sha-512 and the entry for user username looks like:

Solution

DB2 works fine with passwords hashed with standard crypt function. Password in the desired format can be obtained by callingopenssl passwd desiredPassword. The output of openssl can be passed to usermod --password The complete command to change user's password then look like:

Bigger image

I tried to hand-edit /etc/shadow and insert salted MD5 password, which can be obtained by openssl passwd -1 desiredPasswordand the connection was sucessfuly established. To sum it up, the whole problem in the end seems to be that DB2 doesn't like SHA-512 hashes in /etc/shadow. on the other hand, it works fine with hashes generated by crypt and MD5.

Changing default algorithm in Fedora Core

Fedora Core contains a nice tool authconfig. To change the default hashing algorithm to MD5 run

All the passwords inserted in the password database will be stored in MD5 from now on. It will, of course, not change the hashes of the current passwords.

Ubuntu

Ubuntu ships with sha512 as default hash algorithm for passwords in /etc/shadow. The easiest way to change the default algorithm is to edit the file /etc/pam.d/common-password and change the line that reads

to

The information about the algorith is also included in the file/etc/login.defs, which is used by chpasswd for example. Therefore change the line

to

ENCRYPT_METHOD MD5