Results 1 to 8 of 8
  1. #1
    Join Date
    Jun 2011
    Posts
    4

    Unanswered: DB2 UDB Password Recovery

    Greetings,

    I have recently taken over the System Administrator role for a DB2 UDB database (Version 8.1 FP18) running on Linux. Our primary use of this server is to integrate data environments, allowing our DB2 databases to connect our Oracle Databases.

    My predecessor's predecessor setup an Oracle account (on an 8i server) called "db2joiner" which is linked to the db2inst1 account inside the UDB. In the past, whenever I needed to create a new nickname, I could re-use the existing AuthID and Password.

    Long story short, I don't know the password that is saved in the system. Nor does my predecessor. DB2 UDB does.

    My question is: Is there any way to recover a password for an AuthID which is linking a DB2 Account to an Oracle Account?

    Edit: Re-reading, I fear I may not have cleary communicated my question. Specifically, my question pertains to the Remote_AuthID & Remote_Password stored within a particular "User Mapping." IBM has detailed how to alter the information, but I need to recover the Remote_Password. The Oracle DBA's tell me they can't do it from their end. They can change the "db2joiner" password for me, but not recover it.

    DB2 UDB obviously "knows" the password. I just want her to tell me so I can re-use it on a new Server Mapping. Any assistance you can provide will be most greatly appreciated.
    Last edited by dawson_davis; 06-23-11 at 12:40.

  2. #2
    Join Date
    Jan 2003
    Posts
    4,292
    Provided Answers: 5
    The password is encrypted in the database, so there is no way to query for it. Why not just have the Oracle DBA change the password for db2joiner and you change all of the user mappings as well as add the new one using the new password?

    Andy

  3. #3
    Join Date
    May 2003
    Location
    USA
    Posts
    5,737
    The default in DB2 is to use server authentication, which means that DB2 uses the accounts and passwords of the server OS (Linux in your case). DB2 does not have passwords of its own.

    It is possible that in your case that you are using Client Authentication, but not sure from your post. However, passwords are not stored in DB2 for client authentication either.
    M. A. Feldman
    IBM Certified DBA on DB2 for Linux, UNIX, and Windows
    IBM Certified DBA on DB2 for z/OS and OS/390

  4. #4
    Join Date
    Jun 2011
    Posts
    4
    Quote Originally Posted by ARWinner View Post
    The password is encrypted in the database, so there is no way to query for it. Why not just have the Oracle DBA change the password for db2joiner and you change all of the user mappings as well as add the new one using the new password?

    Andy
    Thanks Andy. That may be my only option. I'm trying to avoid it due to the production impact.

    If nobody can provide me with a way to recover the password, I think what I'll do is setup a new Oracle account ("db2joiner2"), and start moving things over one at a time.

  5. #5
    Join Date
    Jun 2011
    Posts
    4
    Quote Originally Posted by Marcus_A View Post
    The default in DB2 is to use server authentication, which means that DB2 uses the accounts and passwords of the server OS (Linux in your case). DB2 does not have passwords of its own.

    It is possible that in your case that you are using Client Authentication, but not sure from your post. However, passwords are not stored in DB2 for client authentication either.
    Marcus, thanks very much for your reply. What you say is true of course.

    The db2inst1 account is a Linux OS account. Fortunately, I have the db2inst1 password. The password I am trying to recover is not a db2 account, but rather a USER_MAPPING REMOTE_AUTHID REMOTE_PASSWORD. Essentially, I'm trying to recover the Oracle Account password which is presently stored on my DB2 UDB.

  6. #6
    Join Date
    May 2003
    Location
    USA
    Posts
    5,737
    Quote Originally Posted by dawson_davis View Post
    Marcus, thanks very much for your reply. What you say is true of course.

    The db2inst1 account is a Linux OS account. Fortunately, I have the db2inst1 password. The password I am trying to recover is not a db2 account, but rather a USER_MAPPING REMOTE_AUTHID REMOTE_PASSWORD. Essentially, I'm trying to recover the Oracle Account password which is presently stored on my DB2 UDB.
    My mistake. I started typing my response before ARWinner posted an explanation of what it was.
    M. A. Feldman
    IBM Certified DBA on DB2 for Linux, UNIX, and Windows
    IBM Certified DBA on DB2 for z/OS and OS/390

  7. #7
    Join Date
    Jan 2007
    Location
    Jena, Germany
    Posts
    2,721
    The REMOTE_PASSWORD is indeed stored encrypted - pretty much in the same way as any decent operating system is doing it today. So either you change the password as suggested, or you try to brute-force/crack it. Unless it is a simple password, you're probably much better off with changing it.
    Knut Stolze
    IBM DB2 Analytics Accelerator
    IBM Germany Research & Development

  8. #8
    Join Date
    Jun 2011
    Posts
    4
    Knut and Marcus, thanks very much for your replies.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •