Validation of user logins

As a newbie to DB2 I have a strange problem on a zSeries linux box I
hope someone can answer.

I have created a linux user,

user=mytest
pw=mytest

who is the instance owner and has created a database called mydatabase
with our application schema.

When entering db2 I can enter ok via,

db2> connect to mydatabase

This allows me access to the db where I can load/view data in the
normal fashion. Trouble is we want to do this via an application which
requires us to enter (understandably) a username and password.
Everything I try I ends up with;

[IBM][CLI Driver] SQL30082N Attempt to establish connection failed
with security reason "24" ("USERNAME AND/OR PASSWORD INVALID").
SQLSTATE=08001

So I thought a typo had been made when entering the password when
creating the user. So I went back into db2 and tried;

db2>connect to mydatabase user mytest using mytest

and low and behold I get;

SQL30082N Attempt to establish connection failed with security reason
"24"
("USERNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001

Exactly the same error although the password is correct for the linux
user as it is how I logon to the machine.

The question is why can't I login to db2 using this password. Is there
a way to alter or view the password using the root acount ?

Is there a procedure for checking the authenticity/status of users
allowed to login to a given database ?

Any help much appreciated.

It is not a good practise to use instance owner for application usage.
You should:
1. Create a Linux User ID <user_id> with password
2. create schema <schema_name> authorization <user_id>
3. grant rights to user.....(of course incoming connection right)

> Trouble is we want to do this via an application which
> requires us to enter (understandably) a username and password.

Actually, it is not understandable why you would want to do this. It is much
more logical and a lot less annoying to allow the user to connect to the
database using his operating system logon, rather than requiring him to log
on yet again.

In any case, you must define your end user as a "local" user on the target
machine, and that user must be distinct from the instance owner. This is
regardless of your logon strategy.

"DB2-newbie" <trevork@talk21.com> wrote in message
news:1132586191.814794.92470@g14g2000cwa.googlegro ups.com...
> As a newbie to DB2 I have a strange problem on a zSeries linux box I
> hope someone can answer.
>
> I have created a linux user,
>
> user=mytest
> pw=mytest
>
> who is the instance owner and has created a database called mydatabase
> with our application schema.
>
> When entering db2 I can enter ok via,
>
> db2> connect to mydatabase
>
> This allows me access to the db where I can load/view data in the
> normal fashion. Trouble is we want to do this via an application which
> requires us to enter (understandably) a username and password.
> Everything I try I ends up with;
>
> [IBM][CLI Driver] SQL30082N Attempt to establish connection failed
> with security reason "24" ("USERNAME AND/OR PASSWORD INVALID").
> SQLSTATE=08001
>
> So I thought a typo had been made when entering the password when
> creating the user. So I went back into db2 and tried;
>
> db2>connect to mydatabase user mytest using mytest
>
> and low and behold I get;
>
> SQL30082N Attempt to establish connection failed with security reason
> "24"
> ("USERNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001
>
> Exactly the same error although the password is correct for the linux
> user as it is how I logon to the machine.
>
> The question is why can't I login to db2 using this password. Is there
> a way to alter or view the password using the root acount ?
>
> Is there a procedure for checking the authenticity/status of users
> allowed to login to a given database ?
>
> Any help much appreciated.
>

Less annoying but more secure !!!

Well as it happens, for this test the linux user + password are the
same as db user so it does not matter.

When we connect using,

db2> connect to mydatabase

It works as the linux user is the default, but there is no way of
achieving this in a C++ application which prompts for a user/password
combination. All I want to know is why

db2> connect to mydatabase user mytest using mytest

fails to login.

How can I determine what is wrong ?

3. grant rights to user.....(of course incoming connection right)

This could be what we are missing....how do we do this ?

Sorted....we had wrong password.

We did not discover this before as we had assumed the password=mytest.
To login we were using root user then,

su - mytest

Of course as we were root we never entered the password and made a
wrong assumption.

Thanks for the help.

No, it is typically less secure to demand a password. You can control your
O/S logon with all sorts of two-factor authentication schemes (SmartCard,
SecurID); however you cannot do this with DB2 - except by telling DB2 to
rely on the O/S login (Kerberos).

"DB2-newbie" <trevork@talk21.com> wrote in message
news:1132656832.854620.116990@o13g2000cwo.googlegr oups.com...
> Less annoying but more secure !!!
>
> Well as it happens, for this test the linux user + password are the
> same as db user so it does not matter.
>
> When we connect using,
>
> db2> connect to mydatabase
>
> It works as the linux user is the default, but there is no way of
> achieving this in a C++ application which prompts for a user/password
> combination. All I want to know is why
>
> db2> connect to mydatabase user mytest using mytest
>
> fails to login.
>
> How can I determine what is wrong ?
>

You really do have a very strange concept of security...

"DB2-newbie" <trevork@talk21.com> wrote in message
news:1132674012.268461.108440@g47g2000cwa.googlegr oups.com...
> Sorted....we had wrong password.
>
> We did not discover this before as we had assumed the password=mytest.
> To login we were using root user then,
>
> su - mytest
>
> Of course as we were root we never entered the password and made a
> wrong assumption.
>
> Thanks for the help.
>

Mark Yudkin wrote:

> No, it is typically less secure to demand a password. You can control your
> O/S logon with all sorts of two-factor authentication schemes (SmartCard,
> SecurID); however you cannot do this with DB2 - except by telling DB2 to
> rely on the O/S login (Kerberos).

You can write your own security plugin, and once you're there you can do
_anything_ you might want to do (and can implement).

--
Knut Stolze
DB2 Information Integration Development
IBM Germany