db2 authentication anomaly?

Harishkumar .Pathangay

db2 authentication anomaly?

First step Set AUTHENTICATION as CLIENT in DBM CFG.

Launch a DB2 Terminal Window :
db2 activate db space user db2admin using db2admin
SUCCESS
db2 deactivate db space
db2 terminate
db2 activate db space user db2admin using boohah
SUCCESS
What???????? boohah is not a valid password, whole world knows that.

db2 deactivate db space
db2 backup db space user db2admin using db2admin
SUCCESS
db2 backup db space user db2admin using boohah
FAILURE - SQL30082N Security processing failed with reason "24" ("USERNAME AND/OR
PASSWORD INVALID").

Why Backup is Failing, but Activation is Allowed? Why DB2 Why?

Thanks,
Harish Pathangay

Harishkumar .Pathangay

RE: db2 authentication anomaly?
(in response to Harishkumar .Pathangay)

hi,

any inputs on this.

is this how activation works. or is it a minor glitch?

you do not need user name and password to connect or attach or activate db in client based authentication mechanism or setting. but if you pass user name then it must have proper password validation done at client side os right?

thanks,

harish pathangay

Harishkumar .Pathangay

RE: db2 authentication anomaly?
(in response to Harishkumar .Pathangay)

https://youtu.be/2URnzUQT9sg

A Video demonstrating the above said issue.

 

thanks,

harish p

Prashant Shettar

RE: db2 authentication anomaly?
(in response to Harishkumar .Pathangay)

Hello Hari,

 

 Can you provide values for trust_allclnts and trust_clntauth dbm cfg parameter ? Just to understand where the authentication is done.

 

Regards

Prashant Shettar 

Harishkumar .Pathangay

db2 authentication anomaly?
(in response to Prashant Shettar)
Hi,
First Very Important thing:
My Name is Harish. Please address me as Harish.
Hari is not my name.

DB2 Details:
All Default Values Only. I did not change it.
YOUTUBE.COM/DB2LUWACADEMY## db2 get dbm cfg|grep -i trust
Trust all clients (TRUST_ALLCLNTS) = YES
Trusted client authentication (TRUST_CLNTAUTH) = CLIENT

What I am not able to understand is, Activation is allowed with incorrect password.
I am not talking about disabling the remote activation ability.
It is a different issue.

Thanks,
Harish P

Sent from Mail for Windows 10

From: Prashant Shettar
Sent: 11 May 2017 18:55
To: [login to unmask email]
Subject: [DB2-L] - RE: db2 authentication anomaly?

Hello Hari,
 
 Can you provide values for trust_allclnts and trust_clntauth dbm cfg parameter ? Just to understand where the authentication is done.
 
Regards
Prashant Shettar 


Site Links: View post online   View mailing list online   Start new thread via email   Unsubscribe from this mailing list   Manage your subscription  

This email has been sent to: [login to unmask email]
Learn how ESAi's fast data refresh & Test Data Management products can save up to 90% in CPU, I/O
and manual efforts compared to typical solutions. Be a hero to your users with BCV5 & XDM. See
http://www.ESAIGroup.com/idug

Use of this email content is governed by the terms of service at:
http://www.idug.org/p/cm/ld/fid=2


Attachments

  • 752D31833F464CC89D09705163F30744.png (<1k)

Mark Vickers

db2 authentication anomaly?
(in response to Harishkumar .Pathangay)
Harish is an abbreviation of Harishkumar right ?
Hari qualifies in the same category as an abbreviation.
If you ask for help from this group, I suggest you be more cordial, it also could have been a typo, so chill out dude.

Thanks,
Mark.

From: Harishkumar .Pathangay [mailto:[login to unmask email]
Sent: Thursday, May 11, 2017 9:27 AM
To: Prashant Shettar
Subject: [DB2-L] - RE: db2 authentication anomaly?

Hi,
First Very Important thing:
My Name is Harish. Please address me as Harish.
Hari is not my name.

DB2 Details:
All Default Values Only. I did not change it.
YOUTUBE.COM/DB2LUWACADEMY## db2 get dbm cfg|grep -i trust
Trust all clients (TRUST_ALLCLNTS) = YES
Trusted client authentication (TRUST_CLNTAUTH) = CLIENT

What I am not able to understand is, Activation is allowed with incorrect password.
I am not talking about disabling the remote activation ability.
It is a different issue.

Thanks,
Harish P

Sent from Mail https://go.microsoft.com/fwlink/?LinkId=550986 for Windows 10

From: Prashant Shettar<mailto:[login to unmask email]>
Sent: 11 May 2017 18:55
To: [login to unmask email]<mailto:[login to unmask email]>
Subject: [DB2-L] - RE: db2 authentication anomaly?


Hello Hari,



Can you provide values for trust_allclnts and trust_clntauth dbm cfg parameter ? Just to understand where the authentication is done.



Regards

Prashant Shettar


-----End Original Message-----



-----End Original Message-----

Philip Sevetson

db2 authentication anomaly?
(in response to Mark Vickers)
**please note my email address change**
I need to not speak as an Admin for a moment, if y’all will excuse me taking off the hat…

Mark, there are other people on the List who have preferred abbreviations and reasonably expect their names not to be distorted. The original replier has the option of not continuing the conversation if he finds Harish’s request to be rude (which I personally do not). He used polite forms.

Philip Sevetson
Computer Systems Manager
5 Manhattan West (33rd St at 10th Ave)
New York, NY 10001-2632
212-857-1688 w
917-991-7052 c
212-857-1659 f
[cid:[login to unmask email]

From: Vickers, Mark [mailto:[login to unmask email]
Sent: Thursday, May 11, 2017 12:45 PM
To: [login to unmask email]
Subject: [DB2-L] - RE: db2 authentication anomaly?

Harish is an abbreviation of Harishkumar right ?
Hari qualifies in the same category as an abbreviation.
If you ask for help from this group, I suggest you be more cordial, it also could have been a typo, so chill out dude.

Thanks,
Mark.

From: Harishkumar .Pathangay [mailto:[login to unmask email]
Sent: Thursday, May 11, 2017 9:27 AM
To: Prashant Shettar
Subject: [DB2-L] - RE: db2 authentication anomaly?

Hi,
First Very Important thing:
My Name is Harish. Please address me as Harish.
Hari is not my name.

DB2 Details:
All Default Values Only. I did not change it.
YOUTUBE.COM/DB2LUWACADEMY## db2 get dbm cfg|grep -i trust
Trust all clients (TRUST_ALLCLNTS) = YES
Trusted client authentication (TRUST_CLNTAUTH) = CLIENT

What I am not able to understand is, Activation is allowed with incorrect password.
I am not talking about disabling the remote activation ability.
It is a different issue.

Thanks,
Harish P

Sent from Mail https://go.microsoft.com/fwlink/?LinkId=550986 for Windows 10

From: Prashant Shettar<mailto:[login to unmask email]>
Sent: 11 May 2017 18:55
To: [login to unmask email]<mailto:[login to unmask email]>
Subject: [DB2-L] - RE: db2 authentication anomaly?


Hello Hari,



Can you provide values for trust_allclnts and trust_clntauth dbm cfg parameter ? Just to understand where the authentication is done.



Regards

Prashant Shettar


-----End Original Message-----



-----End Original Message-----

-----End Original Message-----
**This e-mail, including any attachments, may be confidential, privileged, or otherwise legally protected. It is intended only for the addressee. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy, or otherwise use this e-mail or its attachments. Please notify the sender immediately by reply e-mail and delete the e-mail from your system.**
Attachments

  • image001.png (3.3k)

Ian Bjorhovde

db2 authentication anomaly?
(in response to Harishkumar .Pathangay)
Back on topic:

This appears to be a bug.  I would suggest opening a PMR with IBM to address this.


Ian Bjorhovde
IBM Gold Consultant


On May 11, 2017, 12:40 AM -0700, Harishkumar .Pathangay <[login to unmask email]>, wrote:
> hi,
> any inputs on this.
> is this how activation works. or is it a minor glitch?
> you do not need user name and password to connect or attach or activate db in client based authentication mechanism or setting. but if you pass user name then it must have proper password validation done at client side os right?
> thanks,
> harish pathangay
>
> Site Links: View post online   View mailing list online   Start new thread via email   Unsubscribe from this mailing list   Manage your subscription
>
> This email has been sent to: [login to unmask email]
> Learn how ESAi's fast data refresh & Test Data Management products can save up to 90% in CPU, I/O
> and manual efforts compared to typical solutions. Be a hero to your users with BCV5 & XDM. See
> http://www.ESAIGroup.com/idug
>
> Use of this email content is governed by the terms of service at:
> http://www.idug.org/p/cm/ld/fid=2

Mark Vickers

db2 authentication anomaly?
(in response to Philip Sevetson)
Back off topic:

Phil : “He used polite forms.”

Mark: “I respectfully disagree:
[Hi,
First Very Important thing:]
Is not polite, without that sentence, it would have been fine.”


From: Sevetson, Phil [mailto:[login to unmask email]
Sent: Thursday, May 11, 2017 12:03 PM
To: '[login to unmask email]'
Subject: [DB2-L] - RE: db2 authentication anomaly?

**please note my email address change**
I need to not speak as an Admin for a moment, if y’all will excuse me taking off the hat…

Mark, there are other people on the List who have preferred abbreviations and reasonably expect their names not to be distorted. The original replier has the option of not continuing the conversation if he finds Harish’s request to be rude (which I personally do not). He used polite forms.

Philip Sevetson
Computer Systems Manager
5 Manhattan West (33rd St at 10th Ave)
New York, NY 10001-2632
212-857-1688 w
917-991-7052 c
212-857-1659 f
[cid:[login to unmask email]

From: Vickers, Mark [mailto:[login to unmask email]
Sent: Thursday, May 11, 2017 12:45 PM
To: [login to unmask email]<mailto:[login to unmask email]>
Subject: [DB2-L] - RE: db2 authentication anomaly?

Harish is an abbreviation of Harishkumar right ?
Hari qualifies in the same category as an abbreviation.
If you ask for help from this group, I suggest you be more cordial, it also could have been a typo, so chill out dude.

Thanks,
Mark.

From: Harishkumar .Pathangay [mailto:[login to unmask email]
Sent: Thursday, May 11, 2017 9:27 AM
To: Prashant Shettar
Subject: [DB2-L] - RE: db2 authentication anomaly?

Hi,
First Very Important thing:
My Name is Harish. Please address me as Harish.
Hari is not my name.

DB2 Details:
All Default Values Only. I did not change it.
YOUTUBE.COM/DB2LUWACADEMY## db2 get dbm cfg|grep -i trust
Trust all clients (TRUST_ALLCLNTS) = YES
Trusted client authentication (TRUST_CLNTAUTH) = CLIENT

What I am not able to understand is, Activation is allowed with incorrect password.
I am not talking about disabling the remote activation ability.
It is a different issue.

Thanks,
Harish P

Sent from Mail https://go.microsoft.com/fwlink/?LinkId=550986 for Windows 10

From: Prashant Shettar<mailto:[login to unmask email]>
Sent: 11 May 2017 18:55
To: [login to unmask email]<mailto:[login to unmask email]>
Subject: [DB2-L] - RE: db2 authentication anomaly?


Hello Hari,



Can you provide values for trust_allclnts and trust_clntauth dbm cfg parameter ? Just to understand where the authentication is done.



Regards

Prashant Shettar


-----End Original Message-----



-----End Original Message-----

-----End Original Message-----
**This e-mail, including any attachments, may be confidential, privileged, or otherwise legally protected. It is intended only for the addressee. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy, or otherwise use this e-mail or its attachments. Please notify the sender immediately by reply e-mail and delete the e-mail from your system.**
-----End Original Message-----

Harishkumar .Pathangay

db2 authentication anomaly?
(in response to Ian Bjorhovde)
Thanks for your inputs.
I do not have paid support from IBM.

Thanks,
Harish P


Sent from Mail for Windows 10

From: Ian Bjorhovde
Sent: 11 May 2017 22:47
To: [login to unmask email]
Subject: [DB2-L] - RE: db2 authentication anomaly?

Back on topic:

This appears to be a bug.  I would suggest opening a PMR with IBM to address this.  


Ian Bjorhovde
IBM Gold Consultant


On May 11, 2017, 12:40 AM -0700, Harishkumar .Pathangay <[login to unmask email]>, wrote:

hi,
any inputs on this.
is this how activation works. or is it a minor glitch?
you do not need user name and password to connect or attach or activate db in client based authentication mechanism or setting. but if you pass user name then it must have proper password validation done at client side os right?
thanks,
harish pathangay

-----End Original Message-----


Site Links: View post online   View mailing list online   Start new thread via email   Unsubscribe from this mailing list   Manage your subscription  

This email has been sent to: [login to unmask email]
Learn how ESAi's fast data refresh & Test Data Management products can save up to 90% in CPU, I/O
and manual efforts compared to typical solutions. Be a hero to your users with BCV5 & XDM. See
http://www.ESAIGroup.com/idug

Use of this email content is governed by the terms of service at:
http://www.idug.org/p/cm/ld/fid=2


Attachments

  • 3F87840300164EE08A53DD1426293AD8.png (<1k)

Harishkumar .Pathangay

db2 authentication anomaly?
(in response to Mark Vickers)
Hi,
I kindly request all to address me as Harish.
Hari is not my name.
I never intend to be offensive or rude to people. Inconvenience Regretted.

Thanks,
Harish P

Sent from Mail for Windows 10

From: Vickers, Mark
Sent: 12 May 2017 02:18
To: [login to unmask email]
Subject: [DB2-L] - RE: db2 authentication anomaly?

Back off topic:

Phil : “He used polite forms.”

Mark: “I respectfully disagree:
[Hi,
First Very Important thing:]
Is not polite, without that sentence, it would have been fine.”


From: Sevetson, Phil [mailto:[login to unmask email]
Sent: Thursday, May 11, 2017 12:03 PM
To: '[login to unmask email]'
Subject: [DB2-L] - RE: db2 authentication anomaly?

**please note my email address change**
I need to not speak as an Admin for a moment, if y’all will excuse me taking off the hat…

Mark, there are other people on the List who have preferred abbreviations and reasonably expect their names not to be distorted. The original replier has the option of not continuing the conversation if he finds Harish’s request to be rude (which I personally do not).  He used polite forms.

Philip Sevetson
Computer Systems Manager
5 Manhattan West (33rd St at 10th Ave)
New York, NY 10001-2632
212-857-1688 w
917-991-7052 c
212-857-1659 f


From: Vickers, Mark [mailto:[login to unmask email]
Sent: Thursday, May 11, 2017 12:45 PM
To: [login to unmask email]
Subject: [DB2-L] - RE: db2 authentication anomaly?

Harish is an abbreviation of Harishkumar right ?
Hari qualifies in the same category as an abbreviation.
If you ask for help from this group, I suggest you be more cordial, it also could have been a typo, so chill out dude.

Thanks,
Mark.

From: Harishkumar .Pathangay [mailto:[login to unmask email]
Sent: Thursday, May 11, 2017 9:27 AM
To: Prashant Shettar
Subject: [DB2-L] - RE: db2 authentication anomaly?

Hi,
First Very Important thing:
My Name is Harish. Please address me as Harish.
Hari is not my name.

DB2 Details:
All Default Values Only. I did not change it.
YOUTUBE.COM/DB2LUWACADEMY## db2 get dbm cfg|grep -i trust
Trust all clients                      (TRUST_ALLCLNTS) = YES
Trusted client authentication          (TRUST_CLNTAUTH) = CLIENT

What I am not able to understand is, Activation is allowed with incorrect password.
I am not talking about disabling the remote activation ability.
It is a different issue.

Thanks,
Harish P

Sent from Mail for Windows 10

From: Prashant Shettar
Sent: 11 May 2017 18:55
To: [login to unmask email]
Subject: [DB2-L] - RE: db2 authentication anomaly?

Hello Hari,
 
 Can you provide values for trust_allclnts and trust_clntauth dbm cfg parameter ? Just to understand where the authentication is done.
 
Regards
Prashant Shettar 


-----End Original Message-----



-----End Original Message-----

-----End Original Message-----
**This e-mail, including any attachments, may be confidential, privileged, or otherwise legally protected. It is intended only for the addressee. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy, or otherwise use this e-mail or its attachments. Please notify the sender immediately by reply e-mail and delete the e-mail from your system.**
-----End Original Message-----


Site Links: View post online   View mailing list online   Start new thread via email   Unsubscribe from this mailing list   Manage your subscription  

This email has been sent to: [login to unmask email]
Learn how ESAi's fast data refresh & Test Data Management products can save up to 90% in CPU, I/O
and manual efforts compared to typical solutions. Be a hero to your users with BCV5 & XDM. See
http://www.ESAIGroup.com/idug

Use of this email content is governed by the terms of service at:
http://www.idug.org/p/cm/ld/fid=2


Attachments

  • 29C51566B1DD4F7A9F0BAE61983C88C0.png (<1k)

Prashant Shettar

RE: db2 authentication anomaly?
(in response to Harishkumar .Pathangay)

Hello 

My intention was not to distort anybody's name. It was just abbreviation I used. My apology. 

Coming to the issue. 

  If your objective is to stop db2 server from activating the database when passing the wrong password, it can be done by setting TRUST_CLNTAUTH to SERVER. 

Excerpt from info center.

The trust_clntauth parameter is used to determine where the clients mentioned previously are authenticated: if trust_clntauth is CLIENT, authentication takes place at the client. If trust_clntauth is SERVER, authentication takes place at the client when no user ID and password are provided and at the server when a user ID and password are provided.

Regards

Prashant Shettar 

Harishkumar .Pathangay

db2 authentication anomaly?
(in response to Prashant Shettar)
Hi,
No. That is not my objective.

Thanks,
Harish P

Sent from Mail for Windows 10

From: Prashant Shettar
Sent: 12 May 2017 13:25
To: [login to unmask email]
Subject: [DB2-L] - RE: db2 authentication anomaly?

Hello 
My intention was not to distort anybody's name. It was just abbreviation I used. My apology. 
Coming to the issue. 
  If your objective is to stop db2 server from activating the database when passing the wrong password, it can be done by setting TRUST_CLNTAUTH to SERVER. 
Excerpt from info center.
The trust_clntauth parameter is used to determine where the clients mentioned previously are authenticated: if trust_clntauth is CLIENT, authentication takes place at the client. If trust_clntauth is SERVER, authentication takes place at the client when no user ID and password are provided and at the server when a user ID and password are provided.
Regards
Prashant Shettar 


Site Links: View post online   View mailing list online   Start new thread via email   Unsubscribe from this mailing list   Manage your subscription  

This email has been sent to: [login to unmask email]
Learn how ESAi's fast data refresh & Test Data Management products can save up to 90% in CPU, I/O
and manual efforts compared to typical solutions. Be a hero to your users with BCV5 & XDM. See
http://www.ESAIGroup.com/idug

Use of this email content is governed by the terms of service at:
http://www.idug.org/p/cm/ld/fid=2


Attachments

  • 2AFF92CE28A34FDFB10D4A8AAD232DA5.png (<1k)