Fixes are available
DB2 Version 9.5 Fix Pack 3b for Linux, UNIX, and Windows
DB2 Version 9.5 Fix Pack 2a for Linux, UNIX, and Windows
DB2 Version 9.5 Fix Pack 2 for Linux, UNIX, and Windows
DB2 Version 9.5 Fix Pack 4 for Linux, UNIX, and Windows
DB2 Version 9.5 Fix Pack 3a for Linux, UNIX, and Windows
DB2 Version 9.5 Fix Pack 3 for Linux, UNIX, and Windows
DB2 Version 9.5 Fix Pack 4a for Linux, UNIX, and Windows
DB2 Version 9.5 Fix Pack 5 for Linux, UNIX, and Windows
DB2 Version 9.5 Fix Pack 6a for Linux, UNIX, and Windows
DB2 Version 9.5 Fix Pack 7 for Linux, UNIX, and Windows
DB2 Version 9.5 Fix Pack 8 for Linux, UNIX, and Windows
DB2 Version 9.5 Fix Pack 9 for Linux, UNIX, and Windows
DB2 Version 9.5 Fix Pack 10 for Linux, UNIX, and Windows
APAR status
Closed as program error.
Error description
When GSS authentication is used, database backup from admin_cmd store procedure fails with error SQL30082N Security processing failed with reason "25" ("CONNECTION DISALLOWED"). Below GSS authentication types are in effect: KERBEROS, GSSPLUGIN, KRB_SERVER_ENCRYPT, GSS_SERVER_ENCRYPT
Local fix
The ALLOW_LOCAL_FALLBACK feature allows the DB2 server to fallback to using SERVER authentication for local implicit connects or attaches when the server is configured to use GSS plugins. The workaround is to set DB2AUTH registry variable to ALLOW_LOCAL_FALLBACK and restart the instance. db2set DB2AUTH=ALLOW_LOCAL_FALLBACK And then restart the instance.
Problem summary
Users Affected: V9.5 using GSS authentication with admin_cmd for backup process. Problem Description: When GSS authentication is used, database backup from admin_cmd store procedure fails with error SQL30082N Security processing failed with reason "25" ("CONNECTION DISALLOWED"). Below GSS authentication types are in effect: KERBEROS, GSSPLUGIN, KRB_SERVER_ENCRYPT, GSS_SERVER_ENCRYPT
Problem conclusion
First Fixed in DB2 UDB Version 9.5, Fixpack 2.
Temporary fix
The ALLOW_LOCAL_FALLBACK feature allows the DB2 server to fallback to using SERVER authentication for local implicit connects or attaches when the server is configured to use GSS plugins. The workaround is to set DB2AUTH registry variable to ALLOW_LOCAL_FALLBACK and restart the instance. db2set DB2AUTH=ALLOW_LOCAL_FALLBACK And then restart the instance.
Comments
APAR Information
APAR number
LI73376
Reported component name
DB2 UDE ESE LIN
Reported component ID
5765F4104
Reported release
950
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-05-05
Closed date
2008-08-28
Last modified date
2008-08-28
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DB2 UDE ESE LIN
Fixed component ID
5765F4104
Applicable component levels
R950 PSY
UP
Document Information
Modified date:
28 August 2008