DRDA connection authorization failure

The error message given for an authorization failure is SQ30082.

The message text is:
Authorization failure on distributed database connection attempt.

The cause section of the message gives a reason code and a list of meanings for the possible reason codes. Reason code 17 means that there was an unsupported security mechanism.

Db2® for i implements several Distributed Relational Database Architecture™ (DRDA) security mechanisms that an IBM® i application requester (AR) can use:

  • User ID only
  • User ID with password
  • Encrypted password security mechanism
  • Encrypted user ID and password security mechanism
  • Kerberos

The encrypted password is sent only if a password is available at the time the connection is initiated.

The default security mechanism for IBM i is the user ID with password mechanism. With the default security configuration, if the application requester sends a user ID with no password to the system, error message SQ30082 with reason code 17 is displayed.

Solutions for the unsupported security mechanism failure are:
  • If the client is trusted by the server and authentication is not required, change the DDM TCP/IP server's authentication setting to password not required.
  • If the client is not trusted by the server and authentication is required, change the application to send either a password or an authenticated security token (for example, a Kerberos token).

To change the authentication setting of the DDM TCP/IP server, you can use the Change DDM TCP/IP Attributes (CHGDDMTCPA) command or System i® Navigator. If you use System i Navigator, expand Network > Servers > TCP/IP > DDM, right-click DDM, and select Properties to change the setting.

You can send a password by using the USER/USING form of the SQL CONNECT statement. You can also send a password by using the Add Server Authentication Entry (ADDSVRAUTE) command. The command adds the remote user ID and the password in a server authentication entry for the user profile that you use to make a connection attempt. An attempt is automatically made to send the password encrypted.

Note: You must enter the RDB name on the Add Server Authentication Entry (ADDSVRAUTE) command in uppercase for use with DRDA; otherwise the name is not recognized during connection processing and the information in the authentication entry is not used.
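
The following CL sequence is an added example, not part of the original documentation. It shows the fix that keeps authentication required: the requester stores a password for the remote RDB. The names MYRDB, APPUSER and RMTUSER and the password are placeholders. The QRETSVRSEC step and the PWDRQD value are not stated on this page and should be confirmed against the command prompts for your release.

```cl
/* Added example. MYRDB, APPUSER, RMTUSER and the password are     */
/* placeholders, not values from the documentation.                */

/* On the application requester: the password in a server          */
/* authentication entry is stored only when the QRETSVRSEC system  */
/* value is '1' (detail not stated on this page).                  */
CHGSYSVAL SYSVAL(QRETSVRSEC) VALUE('1')

/* Add the entry to the user profile that makes the connection     */
/* attempt. The RDB name in SERVER is typed in uppercase; a        */
/* lowercase name is not matched during connection processing and  */
/* the entry is ignored, which leads back to SQ30082 reason 17.    */
ADDSVRAUTE USRPRF(APPUSER) SERVER(MYRDB) USRID(RMTUSER) +
           PASSWORD('placeholder-password')

/* On the application server: leave the DDM TCP/IP server at the   */
/* default, user ID with password. The value shown is assumed for  */
/* current releases; prompt the command (F4) to see the values     */
/* your release accepts.                                           */
CHGDDMTCPA PWDRQD(*USRIDPWD)
```

With the entry in place, a connection to MYRDB from APPUSER sends RMTUSER and the stored password, and the system attempts to send the password encrypted, as described above.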