V8.1 Fixpack6 AIX 5.3

Iam running into a password issue. I have a user set up on the DB server. For some reason i see the password to login to OS with the userid is different to the password to login to database. I have to use the previous password of userid to login to database.

Does database cache the password any where !!!!

Have anyone ran into similar issue.

Thx
Koganti

As far as I know DB2 does NOT cache the passwords. How are you trying to connect to the DB?

Andy

That is what i thought. I opened a PMR with IBM and IBM says that DB2 depends on API for password checking.

But iam seeing on my database is contradicting what IBM is saying and i have been believing all these years

Does the behavior change when you stop/start DB2? Maybe your OS authentication goes through another channel than what DB2 is using.

DBM gets bounced every sunday Night. We have been noticing this behaviour mostly on Mondays.
But it still suprises me that same id has two passwords !!!!

Also we dont have any third party security setup.

How can the password be out of sync for the same userid at the DB level and OS level !!!!!

I had the similar issue on windows , i changed the dependency of DB2 on local account instead of the particular account name from "services.msc " and then it was using the password for the local account even if i changed the password, it didnt give me any problem. May be you need to set something on OS level in AIX.

hope it would help

koganti, what is the command you use to "dbm gets bounced every sunday night"?

Did you tried to restart OS?

db2stop force and ipclean are the commands iam using to bounce the DBM before i kick off OFFLINE backup on sunday

No we did not bounce the server in 3 months. That is not an option at this time unless we know for sure that is the reason

Okay guys i wanna let u know that this issue has been resolved.
I have found out there are two entries for the same userid in the /etc/security/passwd file and UDB depends on AIX utility for password checking and that utility sucks as it reads the passwd file in random order. Some times it will read the first entry and some times it will read the second entry and that is the reason why the password is changing back n forth. This is a bug that IBM need to address. Thanks for all the people who took time to contribute their ideas

How could you get a duplicate entry into /etc/security/passwd in the first place? I suggest that you try to find the bug there...

It is a flat file and prone to human errors. You cannot index a flat file and any one with root authority can mess up the file

You are manually editing this file? Now that is bound to be error prone. I searched a bit and found this (first hit on google): http://www.ncsa.uiuc.edu/UserInfo/Re...d_security.htm
The same can be found here if you follow the links in the second google hit ( http://publib.boulder.ibm.com/infoce...y.htm#a1219924) There it reads:
I still claim that the problem is not in DB2 or AIX but rather on your side. So you should revisit your processes and educate your system administrators.

p.s: A system administrator can mess up anything - no matter if it is a flat file or not.

I checked with the Unix admin. They said they dont manually edit this file.

I guess when the password is changed using the command "passwd" it did not clean up the old entry. Iam not sure what the utility passwd does in the background. All i know is it is supposed to change the password but if this utility fails to clean up the old entry in /etc/security/passwd file iam not sure what i can do as a DBA. Only root can read the passwd file

I don't believe that the "passwd" tool would allow such a bug. That's too obvious a problem and there are well-known ways to ensure that the update works fine even in case of tool/system crashes (like writing the new data and then atomically switching over to the new version). So you should figure out what went wrong in your environment - and if everything is really fine, open a PMR with IBM support to get this investigated from the operating system side.