IBM Support

LI76034: DB2 DOES NOT CALL PAM_SETCRED() TO RESET THE COUNTER AFTER A SUCCESSFUL LOGIN ON LINUX

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Linux can be configured to lock out a user after a set number of
    unsuccessful logins using the pam_tally modules. DB2 supports
    this but the counter is never decremented. This means that the
    user will get locked out even though all the connections were
    successful. DB2 needs to be modified to call pam_setcred() after
    a successful connection to reset the counter.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All Linux users                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * Linux can be configured to lock out a user after a set       *
    * number of                                                    *
    * unsuccessful logins using the pam_tally modules. DB2         *
    * supports                                                     *
    * this but the counter is never decremented. This means that   *
    * the                                                          *
    * user will get locked out even though all the connections     *
    * were                                                         *
    * successful. DB2 needs to be modified to call pam_setcred()   *
    * after                                                        *
    * a successful connection to reset the counter.                *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Upgrade to DB2 v9.5 FP8                                      *
    ****************************************************************
    

Problem conclusion

  • Problem first fixed in DB2 v9.5 FP8
    

Temporary fix

Comments

APAR Information

  • APAR number

    LI76034

  • Reported component name

    DB2 UDE ESE LIN

  • Reported component ID

    5765F4104

  • Reported release

    950

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2011-03-11

  • Closed date

    2011-07-07

  • Last modified date

    2011-07-07

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IC75318 IC75514

Fix information

  • Fixed component name

    DB2 UDE ESE LIN

  • Fixed component ID

    5765F4104

Applicable component levels

  • R950 PSN

       UP

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSEPGG","label":"DB2 for Linux, UNIX and Windows"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"950","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
07 July 2011