System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Upgrade to tru64 v5.1b causes 'incorrect password' in odbc driver

Vin Patel
Occasional Visitor

Upgrade to tru64 v5.1b causes 'incorrect password' in odbc driver

Hi, we've upgraded from Dec unix v4.0E to tru64 v5.1b. Both times we had enhanced security.

But after the upgrade, the odbc driver reports 'incorrect password for database server' even though the same accounts work ok with telnet, ftp etc.

It was working ok before the upgrade however.

Is there a difference between the enhanced security in V4.0D and V5.1B? Could it be something to do with extended_UID kernel parameter? Should I restart any daemons?

We are using Vision 2K and Informix ODBC with Informix 7.24. All are UID's are below 600.

Thanks
8 REPLIES
Ralf Puchner
Honored Contributor

Re: Upgrade to tru64 v5.1b causes 'incorrect password' in odbc driver

Hello,

have you verified if a smaller password will work? Maybe there are some changes within the password length.

Have you reinstalled the odbc drivers for 5.1B?
Have you verified if Informix 7.24 is supported on 5.1B?
Help() { FirstReadManual(urgently); Go_to_it;; }
Vin Patel
Occasional Visitor

Re: Upgrade to tru64 v5.1b causes 'incorrect password' in odbc driver

Hi, thank you very much for the response.

I have tried various password lengths without success, even a password of zero characters - which I could only contrive by sliding the password lengths in account manager to 0, setting 'force password change' and logging in remotely.

Also when I tried to create a new template or if I try to adjust the settings in the default template, an error message appears: 'UserID not within defined range.... current user-defined range ... is 12-65535.'.

I have *not* reinstalled the Vision 2k driver as you have suggested as I'd rather avoid doing that ;). The informix odbc server component comes with informix 7.24 itself so may not be seperately reinstallable. Reinstallation sounds like hard work ;) (I only support the application that runs on the box and am not confident with installing op sys stuff)

IBM looks like they support Informix 7.25 on tru64 5.1a according to their roadmap, but I will confirm if they support 7.24 on 5.1b as you have suggested.

Anyway thank you very much for your time, help and reply.

I know it sounds dodgy, but I think the best approach for me would be for me to review the audit facilities and see if there is a way to view the actual password used in a failed login rather than just that it was wrong. Do you know if this is possible?

Thanks again
Vin Patel

Ralf Puchner
Honored Contributor

Re: Upgrade to tru64 v5.1b causes 'incorrect password' in odbc driver

Hello Vin,

I've found the following information about C2 and Informix:

"What you could do to verify that informix is having the issues is convert the user you are trying to login as back to a base security level while having the rest of the machine running at enhanced. All this means is that the users login will be run against the passwd file instead of against the security architecture. To convert the user you are using for informix to base security while enhanced security is running you do the following:

/usr/tcb/bin/convuser -b

is the username for the informix login.

After performing the above task, the encrypted passwd for the user should be in the /etc/passwd file. If informix can login at this point then the problem is with the informix software not being able to handle the C2 login. You will need to contact informix if this is the case."

maybe the update have moved the user passwords back from /etc/passwd to the C2 shadowfile.
Help() { FirstReadManual(urgently); Go_to_it;; }
Vin Patel
Occasional Visitor

Re: Upgrade to tru64 v5.1b causes 'incorrect password' in odbc driver

Hi Ralf and thank you very much for the tip: I tried using convuser -b and it conveniently pushed the encrypted password for my test user back into /etc/passwd as you'd said, and both my odbc drivers work against it now!

Slightly confusing is that the account still appears in edauth -g as if it exists simultaneously in both enhanced and base modes?! But I'll check this further in account manager later.

However, this is a very handy workaround for us especially since I was thinking we would never see our odbc connection again!

Sorry if I didn't make this clear, but we did have the odbc working within the enhanced security on our previous op system, unix 4.0E, before the upgrade to 5.1b, and I'll have to look up what shadow passwording is ;).

But, I agree that I should enquire after Informix to see how they explain why it would stop working in 5.1b (afterall, it's not fair for me to just keep asking you guys ;)

But at least we have some breathing space now and for that many many thanks.

It's a bit surreal having the two types of accounts on the system, but I am optimistic we will be able to get back to full enhanced with time ;)

Thanks again - power to the mailing lists! ;)

Vin

PS: not sure how the point system works but as this is a helpful workaround with good leads and better than i got from my paid support people! I have tried to award accordingly.
Ralf Puchner
Honored Contributor

Re: Upgrade to tru64 v5.1b causes 'incorrect password' in odbc driver

Vin,

if you have an backup or sys_check of the old system (4.0E) please check the files /etc/passwd and shadow. Maybe this will explain why it doesn't work on 5.1B.

regards

Ralf
Help() { FirstReadManual(urgently); Go_to_it;; }
Vin Patel
Occasional Visitor

Re: Upgrade to tru64 v5.1b causes 'incorrect password' in odbc driver

Hi again Ralf, thank you for your continuing interest.

I have actually read up a bit on the Vision odbc driver and it does state that it uses /etc/passwd or /etc/shadow so you might well be correct.

Currently, we don't seem to have a /etc/shadow file so that would explain whey the driver couldn't log in while we were using an Enhanced security account.

So it will be interesting to see what the /etc/passwd looks like on the older version 4.0E, or if there was an /etc/shadow at that time.

I will follow thro you suggestion once our operation systems manager get back from his holidays, and post the answer in here.

Thanks
Vin Patel
Volker Borowski
Honored Contributor

Re: Upgrade to tru64 v5.1b causes 'incorrect password' in odbc driver

Hmmm,

well normally ODBC users do not have anything to do with OpSys useraccounts.

Usually an ODBC request connects directly to the ODBC agent and connects a database-user to the database and not an OP-Sys-User to the Operating system, so may be you are fighting windmills right now ?? I think you have a DB-problem where you expect an OS-Problem.

Is Informix 7.24 released for Unix version 5.1B ? I think you might need to upgrade Informix or at least the ODBC Component with this. I think 7.3x should be quite current. Check if the database user is still valid and if you can connect with the db-user/password you try in your ODBC-connection when you use dbaccess to connect to Informix.

Hope this helps
Volker
Ralf Puchner
Honored Contributor

Re: Upgrade to tru64 v5.1b causes 'incorrect password' in odbc driver

Volker,

read the whole thread. The problem is identified and a workaround provided. The last question is if Informix/odbc can handle C2 mechanism.
Help() { FirstReadManual(urgently); Go_to_it;; }