Customised Federation Java API methods verifyMyRegisterUserInfo
or verifyMyAlterUserInfo that include the REMOTE_PASSWORD option
in the returned UserInfo object will not have the returned value
encrypted by the Federation server before storing.
On subsequent retrieval an error will be generated as the
Federation server will expect the REMOTE_PASSWORD option's value
to be encrypted.
The fix ensure that the returned REMOTE_PASSWORD option values
will be encrypted before storage.
For example, if you run the sample demo from
$HOME/sqllib/samples/wrappers/wrapper_sdk_java after changing
the method verifyMyRegisterUserInfo from the class
UnfencedFileRemoteUser like this :
public UserInfo verifyMyRegisterUserInfo(UserInfo userInfo)
{
return userInfo;
}
db2 "create user mapping for db2inst1 server file_server options
(REMOTE_AUTHID 'auth_id',REMOTE_PASSWORD 'pass_word')"
DB20000I The SQL command completed successfully.
You will receive the following error during the creation of the
nickname :
db2 "create nickname file_a(number integer, text char(20)) for
server file_server options(file_path
'"/home/db2inst1/sample_file_a.txt"')"
DB21034E The command was processed as an SQL statement because
it was not a valid Command Line Processor command.
During SQL processing it returned:
SQL0901N The SQL statement failed because of a non-severe
system error. Subsequent SQL statements can be processed.
(Reason "cryptDecryptBuffer failed".) SQLSTATE=58004
Because the password is not encrypted in the federated catalog
table :
db2 "select
substr(servername,1,20),substr(authid,1,20),substr(option,1,20),
substr(setting,1,20),authidtype from sysibm.sysuseroptions"
1 2 3
4 AUTHIDTYPE
-------------------- --------------------
------------------------ ------------- --------------
FILE_SERVER DB2INST1 REMOTE_AUTHID
auth_id U
FILE_SERVER DB2INST1 REMOTE_PASSWORD pass_word
U
2 record(s) selected. |
