ibm-information-center/dist/eclipse/plugins/i5OS.ic.ddp_5.4.0.1/rbal1drdaconauth.htm

104 lines
6.2 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="DRDA connect authorization failure" />
<meta name="abstract" content="The error messages given for an authorization failure is SQ30082." />
<meta name="description" content="The error messages given for an authorization failure is SQ30082." />
<meta name="DC.subject" content="DRDA Connect Authorization Failure, error message" />
<meta name="keywords" content="DRDA Connect Authorization Failure, error message" />
<meta name="DC.Relation" scheme="URI" content="rbal1reqfail.htm" />
<meta name="DC.Relation" scheme="URI" content="../cl/addsvraute.htm" />
<meta name="DC.Relation" scheme="URI" content="../cl/chgddmtcpa.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rbal1drdaconauth" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>DRDA connect
authorization failure</title>
</head>
<body id="rbal1drdaconauth"><a name="rbal1drdaconauth"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">DRDA connect
authorization failure</h1>
<div><p>The error messages given for an authorization failure is SQ30082.</p>
<div class="section"><div class="p">The message text is:<pre>Authorization failure on distributed database connection attempt.</pre>
</div>
<p>The
cause section of the message gives a reason code and a list of meanings for
the possible reason codes. Reason code 17 means that there was an unsupported
security mechanism (SECMEC).</p>
</div>
<div class="section"><p><span class="keyword">DB2 Universal Database™ for iSeries™</span> implements
several Distributed
Relational Database Architecture™ (DRDA<sup>®</sup>) SEMECs that an iSeries application
requester (AR) can use:</p>
<ul><li>User ID only</li>
<li>User ID with password</li>
<li>Encrypted password security mechanism</li>
<li>Kerberos (V5R2)</li>
</ul>
</div>
<div class="section"><p>The encrypted password is sent only if a password is available
at the time the connection is initiated.</p>
</div>
<div class="section"><p>The default SECMEC for an <span class="keyword">iSeries server</span> requires
user IDs with passwords. If the application requester sends a user ID with
no password to a server, with the default security configuration, error message
SQ30082 with reason code 17 is given.</p>
</div>
<div class="section"><div class="p">Solutions for the unsupported security mechanism failure are: <ul><li>If the client is trusted by the server and authentication is not required,
change the DDM TCP/IP server's authentication setting to password not required.</li>
<li>If the client is not trusted by the server and authentication is required,
change the application to send either a password or authenticated security
token (for example, a Kerberos token).</li>
</ul>
</div>
<p>The DDM TCP/IP server's authentication setting can be changed
either using the <span class="cmdname">Change DDM TCP/IP Attributes (CHGDDMTCPA)</span> command
or by using Operations Navigator's <span class="menucascade"><span class="uicontrol">Network</span> &gt; <span class="uicontrol">Servers</span> &gt; <span class="uicontrol">DDM Properties</span></span>.</p>
</div>
<div class="section"><p>You can send a password by either using the USER/USING form of
the SQL CONNECT statement, or by using the <span class="cmdname">Add Server Authentication
Entry (ADDSVRAUTE)</span> command to add the remote user ID and the password
in a server authorization entry for the user profile under which the connection
attempt is made. In V4R5 and later systems, an attempt is automatically made
to send the password encrypted. Note that pre-V4R5 <span class="keyword">iSeries server</span>s
cannot send encrypted passwords, nor can they decrypt encrypted passwords
of the type sent by V4R5 iSeries ARs.</p>
</div>
<div class="section"><p>Note that you have to have system value QRETSVRSEC (retain server
security data) set to '1' to be able to store the remote password in the server
authorization entry.</p>
</div>
<div class="section"> <div class="attention"><span class="attentiontitle">Attention:</span> You must enter the RDB name on the <span class="cmdname">Add
Server Authentication Entry (ADDSVRAUTE)</span> command in uppercase for
use with DRDA or
the name will not be recognized during the connection processing and the information
in the authorization entry will not be used.</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rbal1reqfail.htm" title="The main causes for failed connection requests at a Distributed Relational Database Architecture (DRDA) server configured for TCP/IP use is that the DDM TCP/IP server is not started, an authorization error occurred, or the machine is not running.">Handle connection request failures for TCP/IP</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../cl/addsvraute.htm">Add Server Authentication Entry (ADDSVRAUTE) command</a></div>
<div><a href="../cl/chgddmtcpa.htm">Change DDM TCP/IP Attributes (CHGDDMTCPA) command</a></div>
</div>
</div>
</body>
</html>