As a newbie to DB2 I have a strange problem on a zSeries linux box I
hope someone can answer.
I have created a linux user,
user=mytest
pw=mytest
who is the instance owner and has created a database called mydatabase
with our application schema.
When entering db2 I can enter ok via,
db2> connect to mydatabase
This allows me access to the db where I can load/view data in the
normal fashion. Trouble is we want to do this via an application which
requires us to enter (understandably) a username and password.
Everything I try ends up with;
[IBM][CLI Driver] SQL30082N Attempt to establish connection failed
with security reason "24" ("USERNAME AND/OR PASSWORD INVALID").
SQLSTATE=08001
So I thought a typo had been made when entering the password when
creating the user. So I went back into db2 and tried;
db2>connect to mydatabase user mytest using mytest
and lo and behold I get;
SQL30082N Attempt to establish connection failed with security reason
"24"
("USERNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001
Exactly the same error although the password is correct for the linux
user as it is how I logon to the machine.
The question is why can't I login to db2 using this password. Is there
a way to alter or view the password using the root account?
Is there a procedure for checking the authenticity/status of users
allowed to login to a given database ?
Any help much appreciated.
aixunix@gmail.com - 22 Nov 2005 02:10 GMT
It is not a good practice to use instance owner for application usage.
You should:
1. Create a Linux User ID <user_id> with password
2. create schema <schema_name> authorization <user_id>
3. grant rights to user.....(of course incoming connection right)
DB2-newbie - 22 Nov 2005 10:56 GMT
> 3. grant rights to user.....(of course incoming connection right)
This could be what we are missing....how do we do this ?
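Steps 2 and 3 from the list above, written out as DB2 statements together with a catalog query that answers the original question about checking who is allowed to connect. This is an added example, not part of any poster's message; APPUSER and APPSCHEMA are hypothetical names, and MYDATABASE is the database named in the thread.

```sql
-- Added example. Save as a file and run with: db2 -tvf grants.sql
-- Run as a user who is allowed to grant database authorities.
-- APPUSER and APPSCHEMA are hypothetical; the Linux account APPUSER must
-- already exist (step 1), because the password is checked by the
-- operating system, not stored in the database.

CONNECT TO mydatabase;

-- Step 2: a schema owned by the application account rather than by the
-- instance owner.
CREATE SCHEMA appschema AUTHORIZATION appuser;

-- Step 3: the "incoming connection right".
GRANT CONNECT ON DATABASE TO USER appuser;

-- Who may connect to this database? GRANTEETYPE is U (user), G (group)
-- or R (role). A PUBLIC row with CONNECTAUTH = 'Y' means every account
-- that can authenticate to the server may connect.
SELECT grantee, granteetype, connectauth, dbadmauth
FROM syscat.dbauth
WHERE connectauth = 'Y'
ORDER BY grantee;

-- Least privilege: once every account that needs access has an explicit
-- grant, remove the blanket right that PUBLIC receives by default when a
-- database is created.
REVOKE CONNECT ON DATABASE FROM PUBLIC;

CONNECT RESET;
```

These grants control authorization only. The SQL30082N reason "24" error quoted in the thread is an authentication failure, so it is reported before any of these privileges are consulted.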
Mark Yudkin - 22 Nov 2005 07:00 GMT
> Trouble is we want to do this via an application which
> requires us to enter (understandably) a username and password.
Actually, it is not understandable why you would want to do this. It is much
more logical and a lot less annoying to allow the user to connect to the
database using his operating system logon, rather than requiring him to log
on yet again.
In any case, you must define your end user as a "local" user on the target
machine, and that user must be distinct from the instance owner. This is
regardless of your logon strategy.
DB2-newbie - 22 Nov 2005 10:53 GMT
Less annoying but more secure !!!
Well as it happens, for this test the linux user + password are the
same as db user so it does not matter.
When we connect using,
db2> connect to mydatabase
It works as the linux user is the default, but there is no way of
achieving this in a C++ application which prompts for a user/password
combination. All I want to know is why
db2> connect to mydatabase user mytest using mytest
fails to login.
How can I determine what is wrong ?
Mark Yudkin - 25 Nov 2005 09:55 GMT
No, it is typically less secure to demand a password. You can control your
O/S logon with all sorts of two-factor authentication schemes (SmartCard,
SecurID); however you cannot do this with DB2 - except by telling DB2 to
rely on the O/S login (Kerberos).
Knut Stolze - 25 Nov 2005 18:54 GMT
> No, it is typically less secure to demand a password. You can control your
> O/S logon with all sorts of two-factor authentication schemes (SmartCard,
> SecurID); however you cannot do this with DB2 - except by telling DB2 to
> rely on the O/S login (Kerberos).
You can write your own security plugin, and once you're there you can do
_anything_ you might want to do (and can implement).

Knut Stolze
DB2 Information Integration Development
IBM Germany
DB2-newbie - 22 Nov 2005 15:40 GMT
Sorted....we had wrong password.
We did not discover this before as we had assumed the password=mytest.
To login we were using root user then,
su - mytest
Of course as we were root we never entered the password and made a
wrong assumption.
Thanks for the help.
Mark Yudkin - 25 Nov 2005 09:55 GMT
You really do have a very strange concept of security...