Shadowed Passwords and Informix?

From: Jonathan Williams <jonathw_at_shubertorg.com>
Date: Thu, 08 May 2003 11:51:29 -0400

Hi. Let me first apologize if some of you consider this off-topic, but
anway...A while ago we did some testing with the shadowed password option of
enhanced security. We had some problems with certain software so abandoned our
testing to some future time. Well, apparently the future is now!! And we have
uncovered a problem that I'm hoping someone here has a workaround for. I put a
call into Informix, but they basically gave up and suggested calling HP.

We are running Tru64 5.1b patchkit 1 and Informix IDS 9.30FC1X6

We enabled shadowed passwords on system A. Now nobody from system B can connect
to the database on system A. They get an error like this: -952: users password
is not correct for the database server. Also, the developers are complaining
they can't make an ODBC connection because of a similar error message (I'm not
sure what that means, but I figured I'd mention it).

The way people on system B connect to the database on system A is by way of a
.netrc file (this is for development purposes only, no developers have any
access to our real production databases). For example, if the database on
system A is controlled by a user named "databaseowner" (i.e. the only user who
has permission to access the database), and I'm a developer named Jonathan on
system B, my .netrc file would look like this: machine systemA
                                                                      login
databaseowner
                                                                      password
<databaseownerspassword>
When I try to connect it would say: -952: user databaseowner password is not
correct for the database server.
But I can telnet over to system A and login using that very same login and
password. In fact I can even to an ftp to that server, and the .netrc file is
sufficient to do a successful autologin to the server. So it's definitely an
Informix issue.

I was just hoping that some of you use Informix and have shadowed passwords
enabled, and were able to get around this hurdle. I have a call into HP, but
figured I'd send an email out anyway. Thanks to anyone that can help.

Jonathan Williams
Unix Systems Administrator
The Shubert Organization, Inc.
Received on Thu May 08 2003 - 15:54:52 NZST

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:44 NZDT