IBM Support

LI73376: When GSS authentication is used, database backup from admin_cmd store procedure fails with error SQL30082N rc=25.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When GSS authentication is used, database backup from admin_cmd
    store procedure fails with error SQL30082N Security processing
    failed with reason "25"  ("CONNECTION DISALLOWED").
    
    Below GSS authentication types are in effect:
    KERBEROS, GSSPLUGIN, KRB_SERVER_ENCRYPT, GSS_SERVER_ENCRYPT
    

Local fix

  • The ALLOW_LOCAL_FALLBACK feature allows the DB2 server to
    fallback to using SERVER authentication for local implicit
    connects or attaches when the server is configured to use GSS
    plugins.
    
    The workaround is to set DB2AUTH registry variable to
    ALLOW_LOCAL_FALLBACK and restart the instance.
    
    db2set DB2AUTH=ALLOW_LOCAL_FALLBACK
    And then restart the instance.
    

Problem summary

  • Users Affected:
    V9.5 using GSS authentication with admin_cmd for backup process.
    
    
    Problem Description:
    
    When GSS authentication is used, database backup from admin_cmd
    store procedure fails with error SQL30082N Security processing
    failed with reason "25" ("CONNECTION DISALLOWED").
    
    Below GSS authentication types are in effect:
    KERBEROS, GSSPLUGIN, KRB_SERVER_ENCRYPT, GSS_SERVER_ENCRYPT
    

Problem conclusion

  • First Fixed in DB2 UDB Version 9.5, Fixpack 2.
    

Temporary fix

  • The ALLOW_LOCAL_FALLBACK feature allows the DB2 server to
    fallback to using SERVER authentication for local implicit
    connects or attaches when the server is configured to use GSS
    plugins.
    
    The workaround is to set DB2AUTH registry variable to
    ALLOW_LOCAL_FALLBACK and restart the instance.
    
    db2set DB2AUTH=ALLOW_LOCAL_FALLBACK
    And then restart the instance.
    

Comments

APAR Information

  • APAR number

    LI73376

  • Reported component name

    DB2 UDE ESE LIN

  • Reported component ID

    5765F4104

  • Reported release

    950

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2008-05-05

  • Closed date

    2008-08-28

  • Last modified date

    2008-08-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DB2 UDE ESE LIN

  • Fixed component ID

    5765F4104

Applicable component levels

  • R950 PSY

       UP

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSEPGG","label":"DB2 for Linux, UNIX and Windows"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"950","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
28 August 2008