SQL30082N Security processing failed with reason “26″
SQL Error [28000]: [jcc][t4][207][11243][3.59.81] Connection authorization failure occurred. Reason: GSSAPI non-retryable error. ERRORCODE=-4214, SQLSTATE=28000
DB2 JDBC및 Native Client 연결 관련하여 다음과 같은 오류가 발생하여, 검색한 결과 유사한 내용을 찾을 수 있었습니다.
linux에서 설정하는 패스워드 알고리즘 관련 문제였습니다. 참고하시기 바랍니다.
SQL30082N Security processing failed with reason „15“ („PROCESSING FAILURE“)
when connecting to the db2 database using db2 CONNECT TO dbname USER username
or
Connection authorization failure occurred. Reason: Local security service non-retryable error. ERRORCODE=-4214, SQLSTATE=28000
when connecting remotely (via JDBC driver) read on. I finally found what causes this error and a solution!
[ad]
Environment
- OS: Fedora Core 10 64bit
- DB2: version 9.5, Express edition
- See lower for the solution for Ubuntu
Problem
Tho whole problem is in the format of the passwords in/etc/shadow
. DB2 doesn't seem to like the passwords generated when changing password using the standard passwd
command. In Fedora Core 10 the password is hashed using sha-512 and the entry for user username looks like:
username:$6$efWWOYRY$z5DNL1kLQU4AmPkFBqbQh6LOh0Qjxq654dS9jE46iPNp8Zces8I4bP8GLZ3G3RWLo/6o.LYOV5neYSKxXbL.M1:14375:0:99999:7:::
Solution
DB2 works fine with passwords hashed with standard crypt function. Password in the desired format can be obtained by callingopenssl passwd desiredPassword
. The output of openssl can be passed to usermod --password
The complete command to change user's password then look like:
usermod --password `openssl passwd desiredPassword`usename
Bigger image
I tried to hand-edit /etc/shadow and insert salted MD5 password, which can be obtained by openssl passwd -1 desiredPassword
and the connection was sucessfuly established. To sum it up, the whole problem in the end seems to be that DB2 doesn't like SHA-512 hashes in /etc/shadow. on the other hand, it works fine with hashes generated by crypt
and MD5.
Changing default algorithm in Fedora Core
Fedora Core contains a nice tool authconfig
. To change the default hashing algorithm to MD5 run
authconfig –passalgo md5 –update
All the passwords inserted in the password database will be stored in MD5 from now on. It will, of course, not change the hashes of the current passwords.
Ubuntu
Ubuntu ships with sha512 as default hash algorithm for passwords in /etc/shadow
. The easiest way to change the default algorithm is to edit the file /etc/pam.d/common-password and change the line that reads
password [success=1 default=ignore] pam_unix.so obscure sha512
to
password [success=1 default=ignore] pam_unix.so obscure md5
The information about the algorith is also included in the file/etc/login.defs
, which is used by chpasswd
for example. Therefore change the line
ENCRYPT_METHOD SHA512
to
ENCRYPT_METHOD MD5
http://blog.stastnarodina.com/honza-en/spot/db2-sql30082n-security-processing-failed-with-reason-15/
'Db2 > Db2 troubleshooting' 카테고리의 다른 글
Collecting data for index corruption and/or index or data inconsistency issues (0) | 2013.05.31 |
---|---|
DB2 database corruption causing Tivoli Storage Manager crash (0) | 2013.05.28 |
"Detected client termination" in db2diag.log file. (0) | 2013.05.03 |
LIC1449N error applying DB2 Enterprise Server Edition license on a 32-bit Linux system (0) | 2013.04.04 |
DB생성시 SQL1005N 오류 (0) | 2013.03.14 |