hide DB2 password in the ps -ef command while executing the script

db2_unix_help · #1 (**permalink**) 12-08-11, 04:29

Hi,

I need to hide the db2 password

Quote:

db2 -tx +p <<EOF1

connect to ${DBALIAS} user ${user} using ${pwd};

In the above scenario, any one can see the password by giving ps -ef while its running or in the log.

So I want a best possible way to hide this.

Ur help is highly appreciated

ARWinner · #2 (**permalink**) 12-08-11, 09:14

Is this a script or interactive session?

Andy

db2_unix_help · #3 (**permalink**) 12-08-11, 09:33

This is script
which will run automatically thru cron or Tivoli Manager

Please help me to overcome this

ARWinner · #4 (**permalink**) 12-08-11, 09:52

Let me get this straight. You have a script that has the password in it unencrypted where anyone can read it, and you are worried that they will get a glimpse of it with ps. I think you need to figure a different way.

Andy

db2_unix_help · #5 (**permalink**) 12-08-11, 10:04

Yes... but i dont have any idea of the different way....

ARWinner · #6 (**permalink**) 12-08-11, 10:06

Is the script running on the DB2 server? Which user is running the script?

Andy

db2_unix_help · #7 (**permalink**) 12-08-11, 11:30

the script is running on AIX 6.1 Version. And DB2 sits on AIX

The script is scheduled in Tivoli. The script is having 777 permission.

ARWinner · #8 (**permalink**) 12-08-11, 12:39

Which user is running the script?

Andy

db2_unix_help · #9 (**permalink**) 12-09-11, 00:26

Batch user.

The scripts will be running in batch mode

ARWinner · #10 (**permalink**) 12-09-11, 10:35

Since you are running the script on the server where DB2 resides, it may be possible to not use a password at all. I do not know AIX, but this works on linux. Just make sure that the DB2 environment is set up for the user.

Andy

db2_unix_help · #11 (**permalink**) 12-11-11, 23:29

Hi Andy,

can you give me an example....

because in my case its not working without password.

ARWinner · #12 (**permalink**) 12-12-11, 10:00

Try doing this:

1) open a terminal session on the server as the Batch User
2) Issue "connect to DBALIAS"

What happens?

Andy

DBFinder · #13 (**permalink**) 12-12-11, 19:57

Basically there may not be any feasible solution as long as you set permission to 777. Only thing seems possible not to use any password. The job runs local, you do not have to provide a password as Andy said.

However if you are able to set permissions to 700, which should be possible in most cases, .psec file method is most appropriate to connect to databases, even on remote server.

As long as you are on trusted domain, db2 should not require any password.

Regards

wolaos123 · #14 (**permalink**) 12-13-11, 01:02

1 if the AUTHENTICATION set as SERVER or SERVER_ENCRYPT
# db2 get dbm cfg|grep AUTHENTICATION
Database manager authentication (AUTHENTICATION) = SERVER_ENCRYPT

then there is no need set the password in the connect line

2 generate RSA Public and Private keys for SCP,SSH,script between the servers

3 Alternatively,
connect to ${DBALIAS} user ${user} using `cat /some/dir/passwd_file`;

db2_unix_help · #15 (**permalink**) 12-13-11, 03:28

Hi Andy/DB Finder,

I'm getting the below error message while trying to connect

$ db2 connect to <dbalias>
SQL30082N Security processing failed with reason "3" ("PASSWORD MISSING").
SQLSTATE=08001

Hi wolaos123,

I'm getting the below error message while trying to connect from the prompt without specifying the pwd.

$ db2 connect to <dbalias>
SQL30082N Security processing failed with reason "3" ("PASSWORD MISSING").
SQLSTATE=08001

<user>@<server>:<path> >
$ db2 get dbm cfg|grep AUTHENTICATION
Database manager authentication (AUTHENTICATION) = SERVER_ENCRYPT

Please give me an example for RSA Authentication.
Please help me on this.

Internet Services

Web Development

Digital Marketing

Consumer Tech