GLPCDB004E Error while configuring database using idscfgdb utility.

Technote (troubleshooting)


Problem(Abstract)

'Security processing failed' or GLPCDB004E error while configuring db using idscfgdb command.

Symptom

In db2diag.log

2011-05-31-14.50.35.975284+120 I34698E286 LEVEL: Warning
PID : 6916 TID : 140595427845888
FUNCTION: DB2 Common, Security, Users and Groups, secLogMessage,
probe:20
DATA #1 : String, 66 bytes
Password validation for user ldapdb2 failed with rc = -2146500504


2011-05-31-14.50.36.438222+120 I36621E286 LEVEL: Warning
PID : 6658 TID : 140595427845888
FUNCTION: DB2 Common, Security, Users and Groups, secLogMessage,
probe:20
DATA #1 : String, 66 bytes
Password validation for user ldapdb2 failed with rc = -2146500504


2011-05-31-14.50.36.438525+120 I36908E436 LEVEL: Severe
PID : 6658 TID : 140595427845888PROC : db2agent
(instance) 0
INSTANCE: ldapdb2 NODE : 000
APPHDL : 0-9 APPID: *LOCAL.ldapdb2.110531125036
FUNCTION: DB2 UDB, base sys utilities, sqleattach_agent, probe:60
RETCODE : ZRC=0x805C012D=-2141454035=SQLEX_AUTH_SYSERR
"Unable to authentication because of system error"


ASCII trace file :

164:08:50:46 T-143107888 checkSQLStatus: sclca->sqlcode=-30082
buff=[SQL30082N Security processing failed with reason "15"
("PROCESSING FAILURE"). SQLSTATE=08001


Cause

There could be several reasons for password validation to fail ( for example incorrect password, account locked out, or anything that is related to failure in authentication ) and one of them is the length of the encrypted password for database user. If encrypted password for database user within the '/etc/shadow' file exceeds 64 bytes(which is the maximum supported length for DB2) such error is reported by the system. The maximum length of supported password by DB2 is 64 bytes.


Environment

ALL Unix

Resolving the problem

To resolve this problem, please have appropriate hashing algorithm method implemented which will enable to have system password length of 64 bytes or lower.

For example, on Linux (RHEL 5 + TDS 6.2 + DB2 v9.5.0.1) you can execute below mentioned command to change the hashing type to SHA256 from default md5.

First find out what hashing algorithm you are using..
# authconfig --test | grep hashing

With below example, we will change algorithm to sha256

# authconfig --passalgo=sha256 --update


In AIX, 'smitty' utility can be used to change the hashing algorithm.

For better understanding, refer to operating system manuals and system administrator

Historical Number

10344
300
624

Product Alias/Synonym

tds
itds
TDS
ITDS
DS

Rate this page:

(0 users)Average rating

Document information


More support for:

IBM Security Directory Server
General

Software version:

6.1, 6.2, 6.3

Operating system(s):

All UNIX Platforms

Software edition:

All Editions

Reference #:

1508567

Modified date:

2014-12-08

Translate my page

Machine Translation

Content navigation