Problem
在特定情况下,检查密码守护进程(db2ckpw)不处理用户凭据信息。通常这个问题可以通过重启实例来解决,但是问题在一段时间之后会再次发生。
Symptom
db2diag.log中有如下错误信息:
2013-11-12-12.30.15.808865+120 I1899510A484 LEVEL: Warning
PID : 6274930 TID : 33469 PROC : db2sysc 0
INSTANCE: instance NODE : 000 DB : database
APPHDL : 0-48484 APPID: ::0.44301.SDE3D820367A
EDUID : 45469 EDUNAME: db2agent (database) 0
FUNCTION: DB2 UDB, bsu security, sqlexLogPluginMessage, probe:20
DATA #1 : String with size, 65 bytes
Password validation for user userDB1 failed with rc = -2146500507
用户看到的错误信息:
SQL30082N Security processing failed with reason "24" ("USERNAME
AND/OR PASSWORD INVALID"). SQLSTATE=08001
当问题发生时的Db2 trace信息:
580040 | sqloGetUserPasswordInformationInternal exit
580041 | sqlo_validate_pwd entry [eduid 258 eduname db2sysc]
580042 | sqlo_validate_pwd mbt [Marker:PD_SQLO_loginfailed_start ]
580079 | sqlo_validate_pwd error [probe 100]
580080 | sqlo_validate_pwd exit [rc = 0x800F0065 = -2146500507 = SQLO_BAD_PSW]
580081 sqlockpw_daemon_main data [probe 20]
Cause
目前该问题的根本原因未知。
Environment
通常情况下,这个问题在进行大量认证的环境中出现。
Diagnosing The Problem
用户可以成功的进行OS认证,使用相同的凭据信息(用户名,密码)执行下面的命令却接收到SQL30082N错误消息:
>db2 connect to db_name user userName using userPassword
SQL30082N Security processing failed with reason "24" ("USERNAME
AND/OR PASSWORD INVALID"). SQLSTATE=08001
Resolving The Problem
为了解决这个问题,可以进行以下设置
DB2_NUM_CKPW_DAEMONS=5:FORK
可以增加或减少守护进程的数量,但是需要FORK参数。在FORK模式下,每个检查密码守护进程将会为每个请求生成检查密码程序来检查密码。
需要重启Db2(db2stop, db2start)使修改生效。
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEPGG","label":"DB2 for Linux- UNIX and Windows"},"Component":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]