Topic
  • 12 replies
  • Latest Post - ‏2015-03-01T10:26:52Z by huangyouhai
geecee
geecee
4 Posts

Pinned topic SQL30082N Security processing failed with reason "15"

‏2008-12-05T09:20:35Z |
Hello,

I'm having an issue migrating from MySQL to DB2 for a Rails application.

The "db2 connect" command works fine however the following db2 command is failing:
"db2 connect to dev user db2iss using mypassword"
ERROR:
SQL30082N Security processing failed with reason "15" ("PROCESSING FAILURE"). SQLSTATE=08001

uname -r
2.6.27.5-37.fc9.i686

db2level:
DB21085I Instance "db2iss" uses "32" bits and DB2 code release "SQL09050" with level identifier "03010107". Informational tokens are "DB2 v9.5.0.0", "s071001", "LINUXIA3295", and Fix Pack "0". Product is installed at "/opt/ibm/db2/V9.5".

db2 list db directory
Database alias = DEV
Database name = DEV
Local database directory = /db2/ISS
Database release level = c.00
Comment =
Directory entry type = Indirect
Catalog database partition number = 0
Alternate server hostname =
Alternate server port number =

db2 get dbm cfg |grep AUTH
Server Connection Authentication (SRVCON_AUTH) = NOT_SPECIFIED
Database manager authentication (AUTHENTICATION) = SERVER
Cataloging allowed without authority (CATALOG_NOAUTH) = NO
Trusted client authentication (TRUST_CLNTAUTH) = CLIENT
Bypass federated authentication (FED_NOAUTH) = NO

I validated permission in the db2 security folder as follows:
-r-s--x--x 1 root db2iss 66084 2008-12-05 00:45 db2chpw
-r-s--x--x 1 root db2iss 3161730 2008-12-05 00:45 db2ckpw

Perhaps this is another Linux/Fedora (yes I know it's not Redhat) issue with Express-C.

Suggestions appreciated.

Thanks,
Greg
Updated on 2010-04-24T07:37:57Z at 2010-04-24T07:37:57Z by heidou
  • _mihai_
    _mihai_
    10 Posts

    Re: SQL30082N Security processing failed with reason "15"

    ‏2008-12-05T21:31:12Z  
    What password encryption algorithm are you using?
    How long is the password hash for this user in the password file?

    Regards,
    Mihai
  • geecee
    geecee
    4 Posts

    Re: SQL30082N Security processing failed with reason "15"

    ‏2008-12-06T02:05:56Z  
    • _mihai_
    • ‏2008-12-05T21:31:12Z
    What password encryption algorithm are you using?
    How long is the password hash for this user in the password file?

    Regards,
    Mihai
    Thanks for your reply. What password encryption algorithm and hash are you referring to? My instance owner password is currently 7 characters long. A read a similar reply to the same error message in another post but nobody replied with a solution or more detail.

    Regards,
    Greg
  • _mihai_
    _mihai_
    10 Posts

    Re: SQL30082N Security processing failed with reason "15"

    ‏2008-12-06T04:57:06Z  
    • geecee
    • ‏2008-12-06T02:05:56Z
    Thanks for your reply. What password encryption algorithm and hash are you referring to? My instance owner password is currently 7 characters long. A read a similar reply to the same error message in another post but nobody replied with a solution or more detail.

    Regards,
    Greg
    I am referring to the one the operating system is using to compute the hash for the password.
    It is very likely producing a hash that is bigger than what DB2 supports and that is why you are seeing the error.
    I suggest you change the operating password encryption algorithm to one that produces a shorter hash.
    Note once you configure your system to use a different password encryption algorithm you will have to change the password for the user so that the password hash is computed with the new password encryption algorithm.

    You are likely using sha512, change it to sha256 or md5, it should work fine.

    Regards,
    Mihai
  • geecee
    geecee
    4 Posts

    Re: SQL30082N Security processing failed with reason "15"

    ‏2008-12-08T02:08:35Z  
    • _mihai_
    • ‏2008-12-06T04:57:06Z
    I am referring to the one the operating system is using to compute the hash for the password.
    It is very likely producing a hash that is bigger than what DB2 supports and that is why you are seeing the error.
    I suggest you change the operating password encryption algorithm to one that produces a shorter hash.
    Note once you configure your system to use a different password encryption algorithm you will have to change the password for the user so that the password hash is computed with the new password encryption algorithm.

    You are likely using sha512, change it to sha256 or md5, it should work fine.

    Regards,
    Mihai
    Thanks for clarifying Mihai. I'm in the process of tracking down how to do this on my Fedora O/S. Sadly, this isn't my first Fedora issue with DB2 and I might switch over to one of the officially supported distros such as Ubuntu.
  • SystemAdmin
    SystemAdmin
    5837 Posts

    Re: SQL30082N Security processing failed with reason "15"

    ‏2008-12-08T11:46:04Z  
    • geecee
    • ‏2008-12-08T02:08:35Z
    Thanks for clarifying Mihai. I'm in the process of tracking down how to do this on my Fedora O/S. Sadly, this isn't my first Fedora issue with DB2 and I might switch over to one of the officially supported distros such as Ubuntu.
    I had the same problem on Ubuntu v8.10.

    I replaced the following line in /etc/pam.d/common-password
    password success=1 default=ignore pam_unix.so obscure sha512
    with the line below:
    password success=1 default=ignore pam_unix.so obscure md5

    then, reset the passwords of the db2 users using "passwd" command.
    and the problem solved.
    Thanks for the clue above.
  • geecee
    geecee
    4 Posts

    Re: SQL30082N Security processing failed with reason "15"

    ‏2008-12-10T01:52:18Z  
    I had the same problem on Ubuntu v8.10.

    I replaced the following line in /etc/pam.d/common-password
    password success=1 default=ignore pam_unix.so obscure sha512
    with the line below:
    password success=1 default=ignore pam_unix.so obscure md5

    then, reset the passwords of the db2 users using "passwd" command.
    and the problem solved.
    Thanks for the clue above.
    That got me pointed in the right direction.
    I updated /etc/pam.d/system-auth-ac on Fedora and now it's working.

    Thanks.
  • NormWong
    NormWong
    25 Posts

    Re: SQL30082N Security processing failed with reason "15"

    ‏2008-12-11T04:41:42Z  
    I had the same problem on Ubuntu v8.10.

    I replaced the following line in /etc/pam.d/common-password
    password success=1 default=ignore pam_unix.so obscure sha512
    with the line below:
    password success=1 default=ignore pam_unix.so obscure md5

    then, reset the passwords of the db2 users using "passwd" command.
    and the problem solved.
    Thanks for the clue above.
    Excellent response. I just came across the same problem with the DB2 Express-C 9.5 fp2 beta on Ubuntu 8.
    Norm
  • SystemAdmin
    SystemAdmin
    5837 Posts

    Re: SQL30082N Security processing failed with reason "15"

    ‏2009-03-01T18:18:53Z  
    • _mihai_
    • ‏2008-12-06T04:57:06Z
    I am referring to the one the operating system is using to compute the hash for the password.
    It is very likely producing a hash that is bigger than what DB2 supports and that is why you are seeing the error.
    I suggest you change the operating password encryption algorithm to one that produces a shorter hash.
    Note once you configure your system to use a different password encryption algorithm you will have to change the password for the user so that the password hash is computed with the new password encryption algorithm.

    You are likely using sha512, change it to sha256 or md5, it should work fine.

    Regards,
    Mihai
    mihai
    If you change the password after changing the encryption level in Linux can it be changed to SAME password?
    wombat53
  • _mihai_
    _mihai_
    10 Posts

    Re: SQL30082N Security processing failed with reason "15"

    ‏2009-03-02T02:01:22Z  
    mihai
    If you change the password after changing the encryption level in Linux can it be changed to SAME password?
    wombat53
    Hi Wombat

    It depends on your OS settings for password rules.
    For example your OS may be configured not to allow you to recycle passwords for 2,3, 4 etc password changes.

    However the answer is yes, you can change the password to be the same.
    When the password is changed it is computed with the system wide encryption algorithm in use at that time.

    Mihai
  • SystemAdmin
    SystemAdmin
    5837 Posts

    Re: SQL30082N Security processing failed with reason "15"

    ‏2009-06-02T17:27:51Z  
    • _mihai_
    • ‏2009-03-02T02:01:22Z
    Hi Wombat

    It depends on your OS settings for password rules.
    For example your OS may be configured not to allow you to recycle passwords for 2,3, 4 etc password changes.

    However the answer is yes, you can change the password to be the same.
    When the password is changed it is computed with the system wide encryption algorithm in use at that time.

    Mihai
    Actually if you just change to "md5" will work.
    Into Ubuntu 9.04 - the Jaunty Jackalope - released in April 2009 will be like this:

    password sufficient pam_unix.so remember=1 nullok_secure use_authtok md5 shadow

    This also solve this kind of error message:

    ibmdb2jcct4201011246 Connection authorization failure occurred. Reason: Local security service non-retryable error.
  • heidou
    heidou
    1 Post

    Re: SQL30082N Security processing failed with reason "15"

    ‏2010-04-24T07:37:57Z  
    I had the same problem on Ubuntu v8.10.

    I replaced the following line in /etc/pam.d/common-password
    password success=1 default=ignore pam_unix.so obscure sha512
    with the line below:
    password success=1 default=ignore pam_unix.so obscure md5

    then, reset the passwords of the db2 users using "passwd" command.
    and the problem solved.
    Thanks for the clue above.
    I face the same issue,but my os is aix 5.3.0.0. i don't know to change which file.
  • huangyouhai
    huangyouhai
    1 Post

    Re: SQL30082N Security processing failed with reason "15"

    ‏2015-03-01T10:26:52Z  

    (1) db2stop      (2)./db2iupdt db2inst1   (3) db2start