REMOTE_PASSWORD not encrypted when returned from customised
Federation Java API methods.
Customised Federation Java API methods verifyMyRegisterUserInfo
or verifyMyAlterUserInfo that include the REMOTE_PASSWORD option
in the returned UserInfo object will not have the returned
value encrypted by the Federation server before storing.
On subsequent retrieval an error will be generated as the
Federation server will expect the REMOTE_PASSWORD option's value
to be encrypted.
The fix for APAR is to address this such that returned
REMOTE_PASSWORD option values will be encrypted before storage.
For example, if you run the sample demo from
$HOME/sqllib/samples/wrappers/wrapper_sdk_java
after changing the method verifyMyRegisterUserInfo from the
class UnfencedFileRemoteUser like this :
public UserInfo verifyMyRegisterUserInfo(UserInfo userInfo)
{
return userInfo;
}
db2 "create user mapping for db2inst1 server file_server options
(REMOTE_AUTHID 'auth_id',REMOTE_PASSWORD 'pass_word')"
DB20000I The SQL command completed successfully.
You will receive the following error during the creation of the
nickname :
db2 "create nickname file_a(number integer, text char(20))
for server file_server options(file_path
'"/home/db2inst1/sample_file_a.txt"')"
DB21034E The command was processed as an SQL statement because
it was not a valid Command Line Processor command.
During SQL processing it returned:
SQL0901N The SQL statement failed because of a non-severe
system error. Subsequent SQL statements can be processed.
(Reason
"cryptDecryptBuffer failed".) SQLSTATE=58004
Because the password is not encrypted in the federated catalog
table :
db2 "select
substr(servername,1,20),substr(authid,1,20),substr(option,1,20),
substr(setting,1,20),authidtype from sysibm.sysuseroptions"
1 2 3 4
AUTHIDTYPE
-------------------- -------------------- --------------------
------------------------
FILE_SERVER DB2INST1 REMOTE_AUTHID
auth_id U
FILE_SERVER DB2INST1 REMOTE_PASSWORD
pass_word U
2 record(s) selected. |
