Results 1 to 15 of 15
  1. #1
    Join Date
    Jul 2002
    Location
    ATL
    Posts
    170

    Unanswered: Password caching

    V8.1 Fixpack6 AIX 5.3

    Iam running into a password issue. I have a user set up on the DB server. For some reason i see the password to login to OS with the userid is different to the password to login to database. I have to use the previous password of userid to login to database.

    Does database cache the password any where !!!!

    Have anyone ran into similar issue.

    Thx
    Koganti

  2. #2
    Join Date
    Jan 2003
    Posts
    4,292
    Provided Answers: 5
    As far as I know DB2 does NOT cache the passwords. How are you trying to connect to the DB?

    Andy

  3. #3
    Join Date
    Jul 2002
    Location
    ATL
    Posts
    170
    That is what i thought. I opened a PMR with IBM and IBM says that DB2 depends on API for password checking.

    But iam seeing on my database is contradicting what IBM is saying and i have been believing all these years

  4. #4
    Join Date
    Jan 2007
    Location
    Jena, Germany
    Posts
    2,721
    Does the behavior change when you stop/start DB2? Maybe your OS authentication goes through another channel than what DB2 is using.
    Knut Stolze
    IBM DB2 Analytics Accelerator
    IBM Germany Research & Development

  5. #5
    Join Date
    Jul 2002
    Location
    ATL
    Posts
    170
    DBM gets bounced every sunday Night. We have been noticing this behaviour mostly on Mondays.
    But it still suprises me that same id has two passwords !!!!

    Also we dont have any third party security setup.

    How can the password be out of sync for the same userid at the DB level and OS level !!!!!

  6. #6
    Join Date
    Jan 2008
    Posts
    88
    I had the similar issue on windows , i changed the dependency of DB2 on local account instead of the particular account name from "services.msc " and then it was using the password for the local account even if i changed the password, it didnt give me any problem. May be you need to set something on OS level in AIX.

    hope it would help

  7. #7
    Join Date
    Jan 2003
    Posts
    1,605
    koganti, what is the command you use to "dbm gets bounced every sunday night"?

    Did you tried to restart OS?

  8. #8
    Join Date
    Jul 2002
    Location
    ATL
    Posts
    170
    db2stop force and ipclean are the commands iam using to bounce the DBM before i kick off OFFLINE backup on sunday

  9. #9
    Join Date
    Jul 2002
    Location
    ATL
    Posts
    170
    No we did not bounce the server in 3 months. That is not an option at this time unless we know for sure that is the reason

  10. #10
    Join Date
    Jul 2002
    Location
    ATL
    Posts
    170
    Okay guys i wanna let u know that this issue has been resolved.
    I have found out there are two entries for the same userid in the /etc/security/passwd file and UDB depends on AIX utility for password checking and that utility sucks as it reads the passwd file in random order. Some times it will read the first entry and some times it will read the second entry and that is the reason why the password is changing back n forth. This is a bug that IBM need to address. Thanks for all the people who took time to contribute their ideas

  11. #11
    Join Date
    Jan 2007
    Location
    Jena, Germany
    Posts
    2,721
    How could you get a duplicate entry into /etc/security/passwd in the first place? I suggest that you try to find the bug there...
    Knut Stolze
    IBM DB2 Analytics Accelerator
    IBM Germany Research & Development

  12. #12
    Join Date
    Jul 2002
    Location
    ATL
    Posts
    170
    It is a flat file and prone to human errors. You cannot index a flat file and any one with root authority can mess up the file

  13. #13
    Join Date
    Jan 2007
    Location
    Jena, Germany
    Posts
    2,721
    You are manually editing this file? Now that is bound to be error prone. I searched a bit and found this (first hit on google): http://www.ncsa.uiuc.edu/UserInfo/Re...d_security.htm
    The same can be found here if you follow the links in the second google hit ( http://publib.boulder.ibm.com/infoce...y.htm#a1219924) There it reads:
    Access to this file should be through the system commands and subroutines defined for this purpose. Other accesses may not be supported in future releases. Users can update their own passwords with the passwd command, administrators can set passwords and password flags with the pwdadm command, and the root user is able to use the passwd command to set the passwords of other users.
    I still claim that the problem is not in DB2 or AIX but rather on your side. So you should revisit your processes and educate your system administrators.

    p.s: A system administrator can mess up anything - no matter if it is a flat file or not.
    Knut Stolze
    IBM DB2 Analytics Accelerator
    IBM Germany Research & Development

  14. #14
    Join Date
    Jul 2002
    Location
    ATL
    Posts
    170
    I checked with the Unix admin. They said they dont manually edit this file.

    I guess when the password is changed using the command "passwd" it did not clean up the old entry. Iam not sure what the utility passwd does in the background. All i know is it is supposed to change the password but if this utility fails to clean up the old entry in /etc/security/passwd file iam not sure what i can do as a DBA. Only root can read the passwd file

  15. #15
    Join Date
    Jan 2007
    Location
    Jena, Germany
    Posts
    2,721
    I don't believe that the "passwd" tool would allow such a bug. That's too obvious a problem and there are well-known ways to ensure that the update works fine even in case of tool/system crashes (like writing the new data and then atomically switching over to the new version). So you should figure out what went wrong in your environment - and if everything is really fine, open a PMR with IBM support to get this investigated from the operating system side.
    Knut Stolze
    IBM DB2 Analytics Accelerator
    IBM Germany Research & Development

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •