IBM Support

SQL30082 RC=24 or RC=15 returned when connecting to database on Server when pwd_algorithm is Crypt, MD5, SHA1, SHA256, SHA512, Blowfish

Troubleshooting


Problem

A local or remote connection to a database using: db2 connect to sample user using returns SQL30082N Security processing failed with reason "24" ("USERNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001

Errors in the Db2 diagnostic log might be similar to the following:

  
2011-10-19-14.05.06.682505-300 I2778202A437      LEVEL: Warning
PID     : 10813678             TID : 6958            PROC : db2sysc
INSTANCE: db2inst1             NODE : 000            DB   : SAMPLE
APPHDL  : 0-117
EDUID   : 6958                 EDUNAME: db2agent (SAMPLE)
FUNCTION: DB2 UDB, bsu security, sqlexLogPluginMessage, probe:20
DATA #1 : String with size, 67 bytes
Password validation for user testuser failed with rc = -2029059891
2011-10-19-14.05.06.682321-300 I2777674A527 LEVEL: Severe
PID : 9633910 TID : 258 PROC : db2ckpwd 0
INSTANCE: db2inst1 NODE : 000
EDUID : 258 EDUNAME: db2sysc 0
FUNCTION: DB2 UDB, oper system services, sqloGetUserAttribByName, probe:50
MESSAGE : Unsupported password encryption algorithm in use! Configure the
Operating System to use a supported algorithm.
DATA #1 : Hexdump, 4 bytes
0x07000000003F7F00 : 870F 00CD ....

Symptom

No connections can be made to the database when userid and password are provided. These connections fail with SQL30082N with Reason "24" or "15" returned.

Cause

DB2 Version 9.1 and Version 9.5 up to Fixpack 3 support the following encryption algorithms.
  • Crypt
  • MD5
  • SHA1

From DB2 Version 9.5 Fixpak 4 and versions beyond, the following algorithms are supported:
  • Crypt
  • MD5
  • SHA1
  • SHA256
  • SHA512
  • Blowfish

On AIX this is coded in the /etc/security/login.cfg file. To check what encryption algorithm is being used the login.cfg file will contain something like:
  
usw:
shells = /bin/sh,/bin/bsh,/bin/csh,/bin/ksh,/bin/tsh,/bin/ksh93,/usr/bin
/sh,/usr/bin/bsh,/usr/bin/csh,/usr/bin/ksh,/usr/bin/tsh,/usr/bin/ksh93,/usr/sbin
/sliplogin,/usr/sbin/uucp/uucico,/usr/sbin/snappd,/bin/false
maxlogins = 32767
logintimeout = 60
pwd_algorithm = sha256
auth_type = STD_AUTH


The passwd.txt file might also show something like this:
root:
password = {sha256}06$SBysqAi4UQQ1nxC3$L55aKwmscvwxnKskkVrMk0HddbJyNkoE
v6HNXoLO.kH

Resolving The Problem

Please use one of the supported encryption algorithms based on the version of DB2 that is being used.

[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"ARM Category":[{"code":"a8m500000008PmmAAE","label":"Security and Plug-Ins->Authentication"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"}],"Version":"8.2.0;9.1.0;9.5.0"}]

Document Information

Modified date:
31 January 2022

UID

swg21470246

Page Feedback