Technote (troubleshooting)
Problem(Abstract)
'Security processing failed' or GLPCDB004E error while configuring db using idscfgdb command.
Symptom
In db2diag.log
2011-05-31-14.50.35.975284+120 I34698E286 LEVEL: Warning
PID : 6916 TID : 140595427845888
FUNCTION: DB2 Common, Security, Users and Groups, secLogMessage,
probe:20
DATA #1 : String, 66 bytes
Password validation for user ldapdb2 failed with rc = -2146500504
2011-05-31-14.50.36.438222+120 I36621E286 LEVEL: Warning
PID : 6658 TID : 140595427845888
FUNCTION: DB2 Common, Security, Users and Groups, secLogMessage,
probe:20
DATA #1 : String, 66 bytes
Password validation for user ldapdb2 failed with rc = -2146500504
2011-05-31-14.50.36.438525+120 I36908E436 LEVEL: Severe
PID : 6658 TID : 140595427845888PROC : db2agent
(instance) 0
INSTANCE: ldapdb2 NODE : 000
APPHDL : 0-9 APPID: *LOCAL.ldapdb2.110531125036
FUNCTION: DB2 UDB, base sys utilities, sqleattach_agent, probe:60
RETCODE : ZRC=0x805C012D=-2141454035=SQLEX_AUTH_SYSERR
"Unable to authentication because of system error"
ASCII trace file :
164:08:50:46 T-143107888 checkSQLStatus: sclca->sqlcode=-30082
buff=[SQL30082N Security processing failed with reason "15"
("PROCESSING FAILURE"). SQLSTATE=08001
Cause
There could be several reasons and one of them is the length of the encrypted password for database user. If encrypted password for database user within the '/etc/shadow' file exceeds 64 bytes(which is the maximum supported length for DB2) such error is reported by the system. The maximum length of supported password by DB2 is 64 bytes.
Environment
ALL Unix
Resolving the problem
To resolve this problem, please have appropriate hashing algorithm method implemented which will enable to have system password length of 64 bytes or lower.
For example, on Linux (RHEL 5 + TDS 6.2 + DB2 v9.5.0.1) you can execute below mentioned command to change the hashing type to SHA256 from default md5.
First find out what hashing algorithm you are using..
# authconfig --test | grep hashing
With below example, we will change algorithm to sha256
# authconfig --passalgo=sha256 --update
In AIX, 'smitty' utility can be used to change the hashing algorithm.
For better understanding, refer to operating system manuals and system administrator
Historical Number
10344
300
624
Product Alias/Synonym
tds
itds
TDS
ITDS
DS
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.