IBM Support

Database connection fails with authentication error SQL1639N

Troubleshooting


Problem

Connection to database when using username and password can fail with error SQL1639N The database server was unable to perform authentication because security-related database manager files on the server do not have the required operating system permissions.

Cause

This is caused by incorrect permissions and ownership of the following security files in ~/sqllib/security directory
db2chpw
db2ckpw

These files should have root as owner and must have permission -r-s--x--x

Resolving The Problem

cd to <instance_home directory>/sqllib/security before continuing.
1) Check/Change the owner of the files to root

Check files db2chpw and db2ckpw to make sure owner is root. It is required to have the root permission on these files so that users can be authenticated successfully outside of db2.

How to check:

a) Run the command ls -la to show owner of the files in the sqllib/security directory.

b) If owner is not root for these two files, run chown root db2chpw as well as chown root db2ckpw.

2) Change the permission of the files to -r-s--x--x

Check files db2chpw and db2ckpw to make sure permissions are set to -r-s--x--x.

How to check:

a) Run the command ls -la to show permissions of the files in the sqllib/security directory.

b) If permissions on files db2chpw and db2ckpw are not set to -r-s--x--x, 

chmod 4511 <filename>      will change permissions to -r-s--x--x

3) Update the instance using db2iupdt

Run the command db2iupdt <instance name> to update the db2 instance with the changes that were made.
*The instance must be stopped before db2iupdt.

Note: Changing permissions under the instance directory is not supported by default, and the effects of accidental changes have not been tested and cannot be predicted.
If immediate recovery is a priority, db2iupdt is an option, but to eliminate potential problems in the future, it is recommended that the instance be recreated using the procedures in the following document.
[Db2] How to repair or recreate a Db2 instance

[{"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"Database Objects\/Config - Authorization\/Privilege","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"}],"Version":"9.7;10.1;10.5","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
20 May 2024

UID

swg21987678

Page Feedback