Results 1 to 8 of 8
  1. #1
    Join Date
    Jan 2003
    Posts
    1,605

    Unanswered: "Username and/or password invalid" error if using upper case userid and password

    Hi,
    I have DB2 v8.1 fp11 on Linux.

    On Linux I created userid TEST with password TEST (both userid and password are uppercase!). I added user to group db2grp1 to become db2 instance owner.

    When executing command:
    db2 connect to sample user TEST using TEST
    I got error:
    ===========
    SQL30082N Attempt to establish connection failed with security reason "24"
    ("USERNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001
    ===========

    BTW, I tried creating user with lowercase (userid: test; password: test) and connect works ok. But I need both userid and password with uppercase letters.

    I know there is a solution. I used to know the solution but I forget it.

    Thanks,
    Grofaty

  2. #2
    Join Date
    Jan 2007
    Location
    Jena, Germany
    Posts
    2,721
    Looking at the explanation of SQL30082 reveals that you are out of luck:
    SQL30082N Security processing failed with reason "<reason-code>" ("<reason-string>").

    Explanation:

    An error occurred during security processing. The cause of the security error is described by the "<reason-code>" and corresponding "<reason-string>" value.

    The following is a list of reason codes and corresponding reason strings:

    ...

    24 (USERNAME AND/OR PASSWORD INVALID)

    The username specified, password specified, or both, are invalid. Some specific causes are:
    1. If you have recently changed permissions on DB2 critical files such as db2ckpw or moved to a new Fixpak, the db2iupdt command which updates the instance might not have been run.
    2. The username being used might be in an invalid format. For example, on UNIX and Linux platforms, usernames must be all be lowercase.
    Knut Stolze
    IBM DB2 Analytics Accelerator
    IBM Germany Research & Development

  3. #3
    Join Date
    Jan 2003
    Posts
    1,605
    Hi,
    in our environment we have CICS applications on "System z" which are connected to DB2/Linux. CICS puts all userids to uppercase and DB2 Linux/Unix doesn't allow uppercase passwords. I know there is a solution, I have managed it few months ago, but just forget how I solved the problem.

    Any idea is very welcome.
    Thanks,
    Grofaty

  4. #4
    Join Date
    May 2003
    Posts
    113
    this is one of the most stupid family incompatible issues I ever saw in DB2. I have to laugh at this.

    Anyway, is it possible to use single or double quota mark as delimitation?

  5. #5
    Join Date
    Jan 2007
    Location
    Jena, Germany
    Posts
    2,721
    First, CICS is way out of my turf...

    Having mixed case in passwords for DB2 is no problem. Only upper-case characters in user-ids are not allowed by DB2. If you got it to work some time ago (I rather doubt that), then you could not rely on it because the docs state that this is not supported. Maybe you could use your own security plugin to deal with this?

    I searched a bit through the CICS manuals and found this: http://publib.boulder.ibm.com/infoce...a4/dfha4k5.htm The wording "Unless you are using the CREATE command, any lower case characters you enter are converted to upper case." for the SIGNID may suggest that you could probably slip in lower-case characters with the SIGNID. (A lot of conditionals in this sentence; I know.)

    In any case, this seems to be a PMR for CICS and a PMR for DB2 LUW because the two products don't seem to work together.

    p.s: As a real ugly work-around Classic Federation could be a way to go, i.e. make the data DB2 LUW database known in a DB2 z/OS database.
    p.p.s: Double-quotes don't work, unfortunately - at least not with DB2 V9.5. And I agree that this is not a really smart restriction (read that as "stupid").
    Knut Stolze
    IBM DB2 Analytics Accelerator
    IBM Germany Research & Development

  6. #6
    Join Date
    Jan 2003
    Posts
    1,605
    Stolze,
    thanks for help. By the way, I have VSE on Sytem z not z/OS, so CICS is running under VSE system. I also have DB2 on VSE, but DB2/VSE database is so primitive that it doesn't have any kind of federation.

    I don't know maybe few months ago I have solved the problem with dbm cfg parameters on DB2/LUW. If I remember there was something like "DRDA ONLY" value of one parameter... If I remember it was idea to have connections from drda authenticated at client site - so host system is trusted and there is no need of authenticate at DB2/LUW site. I will dig into this in more detail. Maybe there is just a problem in my leaking memory and solution is not related to uppercase userid, but something else maybe dbm cfg...

    Thanks,
    Grofaty
    Last edited by grofaty; 01-04-08 at 03:22.

  7. #7
    Join Date
    Jan 2007
    Location
    Jena, Germany
    Posts
    2,721
    Now I get it: you didn't authenticate with the upper-case user-id at the DB2 LUW server in the first place. That makes sense...

    I think I found someting for you: http://publib.boulder.ibm.com/infoce...c/c0005435.htm Table 1 on this page explains how authentication will happen if you set TRUST_ALLCLNTS to DRDAONLY and TRUST_CLNTAUTH to CLIENT (I believe this is what you need).
    Knut Stolze
    IBM DB2 Analytics Accelerator
    IBM Germany Research & Development

  8. #8
    Join Date
    Jan 2003
    Posts
    1,605
    Stolze,
    that is exactly what I need! Thanks a lot. I have tested and VSE admin has confirmed that now he can connect to DB2/LUW from System z (VSE).

    I should write this down, because my memory allocation has some bug... forgetting.

    In our sample this solution is OK. But if someone would like to have authentication at DB2/LUW site this would be a problem... Thank goodness I am not so lucky.

    Thanks a lot,
    Grofaty
    Last edited by grofaty; 01-04-08 at 08:34.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •