|
Problem IT36085
|
Status: Closed |
DB2 11.5.5 MAY ENCOUNTER SQL30082N RC 15 WHEN USING GSS_SERVER_ENCRYPT OR KRB_SERVER_ENCRYPT AUTHENTICATION
|
| product: |
DB2 FOR LUW / DB2FORLUW / B50 - DB2 |
| Problem description: |
When the `AUTHENTICATION` dbm parameter is set to
`GSS_SERVER_ENCRYPT` or `KRB_SERVER_ENCRYPT`, userid and
password authentication may fail with SQL30082N RC 15. You may
also see the following message in the db2 diagnostic log:
FUNCTION: DB2 UDB, bsu security, sqlexLogPluginMessage,
probe:20
DATA #1 : String with size, 65 bytes
Password validation for user db2inst1 failed with rc =
-2029060043
This error occurs because the Db2 check password daemon
processes (db2ckpwd) do not spawn under circumstances where
they are needed to check passwords. It is possible to verify
that the db2ckpwd process have not spawned with the db2_ps
command:
----
$ db2_ps
Node 0
UID PID PPID C STIME TTY TIME
CMD
db2inst1 53674164 1 0 11:36:50 - 0:00
db2wdog
db2inst1 19595424 53674164 0 11:36:50 - 0:00
db2sysc
db2inst1 48038006 53674164 0 11:36:50 - 0:00
db2vend (PD Vendor Process - 258)
db2inst1 6291846 53674164 0 11:36:52 - 0:00
db2acd
----
This APAR only affects Db2 v11.5.5.0. Earlier versions of Db2
are not affected. |
| Problem Summary: |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux, Unix and Windows platforms at *
* service level 11.5.5.0. Earlier releases of Db2 are not *
* affected *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description *
****************************************************************
* RECOMMENDATION: *
* Upgrade to Db2 11.5.5.1 *
**************************************************************** |
| Local Fix: |
Set `DB2_NUM_CKPW_DAEMONS` registry variable with `FORCESPAWN`
and recycle db2.
db2set DB2_NUM_CKPW_DAEMONS=FORCESPAWN |
| Solution |
|
| Workaround |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux, Unix and Windows platforms at *
* service level 11.5.5.0. Earlier releases of Db2 are not *
* affected *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description *
****************************************************************
* RECOMMENDATION: *
* Upgrade to Db2 11.5.5.1 *
**************************************************************** |
| Comment |
The complete fix for this problem first appears in DB2 Version
11.5.5.1 and all the subsequent Fix Packs.
The fix will ensure the Db2 check password daemon processes
spawn under all needed circumstances. After applying the fix for
this APAR, verify that the db2ckpwd processes spawn with the
db2_ps command:
----
$ db2_ps
Node 0
UID PID PPID C STIME TTY TIME
CMD
db2inst1 19595426 1 0 11:40:26 - 0:00
db2wdog
db2inst1 21823702 19595426 0 11:40:26 - 0:00
db2vend (PD Vendor Process - 258)
db2inst1 36634774 19595426 0 11:40:27 - 0:00
db2acd
db2inst1 41680926 19595426 0 11:40:26 - 0:00
db2ckpwd
db2inst1 48038010 19595426 0 11:40:26 - 0:00
db2ckpwd
db2inst1 53674168 19595426 0 11:40:26 - 0:00
db2sysc
db2inst1 917788 19595426 0 11:40:26 - 0:00
db2ckpwd
---- |
| Timestamps |
Date - problem reported :
Date - problem closed :
Date - last modified :
| 02.03.2021
01.04.2021
01.04.2021 |
| Problem solved at the following versions (IBM BugInfos) |
|
| Problem solved according to the fixlist(s) of the following version(s) |
