SQL30082 RC=24 or RC=15 returned when connecting to database on Server when pwd_algorithm is Crypt, MD5, SHA1, SHA256, SHA512, Blowfish

Technote (troubleshooting)


Problem(Abstract)

A local or remote connection to a database using:

db2 connect to sample user <userid> using <password>

returns

SQL30082N Security processing failed with reason "24" ("USERNAME AND/OR
PASSWORD INVALID"). SQLSTATE=08001

The error in db2diag.log is
2011-01-01-17.21.43.367890-300 I1011620A272 LEVEL: Warning
PID : 123456 TID : 1
FUNCTION: DB2 Common, Security, Users and Groups, secLogMessage, probe:
20
DATA #1 : String, 66 bytes
Password validation for user db2inst1 failed with rc = -2146500507

OR

SQL30082N Security processing failed with Reason Code 15
"Security processing at the server failed "

2011-10-19-14.05.06.682505-300 I2778202A437 LEVEL: Warning
PID : 10813678 TID : 6958 PROC : db2sysc 0
INSTANCE: db2inst1 NODE : 000 DB : CMDB
APPHDL : 0-117
EDUID : 6958 EDUNAME: db2agent (CMDB) 0
FUNCTION: DB2 UDB, bsu security, sqlexLogPluginMessage, probe:20
DATA #1 : String with size, 67 bytes
Password validation for user testuser failed with rc = -2029059891

Symptom

No connections can be made to the database when userid and password are provided. These connections fail with SQL30082N with Reason "24" or "15" returned.


Cause

DB2 Version 9.1 and Version 9.5 up to Fixpack 3 support the following encryption algorithms.

Crypt
MD5
SHA1

From DB2 Version 9.5 Fixpak 4 and versions beyond, the following algorithms are supported:

Crypt
MD5
SHA1
SHA256
SHA512
Blowfish

For example, on AIX this is coded in the /etc/security/login.cfg file.

The error is received if you use the unsupported encryption algorithm and may show up in the db2diag log like this:

2011-10-19-14.05.06.682321-300 I2777674A527 LEVEL: Severe
PID : 9633910 TID : 258 PROC : db2ckpwd 0
INSTANCE: db2inst1 NODE : 000
EDUID : 258 EDUNAME: db2sysc 0
FUNCTION: DB2 UDB, oper system services, sqloGetUserAttribByName, probe:50
MESSAGE : Unsupported password encryption algorithm in use! Configure the
Operating System to use a supported algorithm.
DATA #1 : Hexdump, 4 bytes
0x07000000003F7F00 : 870F 00CD ....

To check what encryption algorithm is being used the login.cfg file will contain something like:

usw:
shells = /bin/sh,/bin/bsh,/bin/csh,/bin/ksh,/bin/tsh,/bin/ksh93,/usr/bin
/sh,/usr/bin/bsh,/usr/bin/csh,/usr/bin/ksh,/usr/bin/tsh,/usr/bin/ksh93,/usr/sbin
/sliplogin,/usr/sbin/uucp/uucico,/usr/sbin/snappd,/bin/false
maxlogins = 32767
logintimeout = 60
pwd_algorithm = sha256
auth_type = STD_AUTH

OR the passwd.txt file will show something like this:

root:
password = {sha256}06$SBysqAi4UQQ1nxC3$L55aKwmscvwxnKskkVrMk0HddbJyNkoE
v6HNXoLO.kH


Environment

ALL

Resolving the problem

Please use one of the supported encryption algorithms based on the version of DB2 that is being used.

Related information

Support for passwords greater than 8 characters on AIX
/etc/security/login.cfg
SQL1046N error on ITDS server start
Error SQL30082N Reason Code 15 or 24 or 36

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

DB2 for Linux, UNIX and Windows

Software version:

9.1, 9.5, 9.7, 10.1, 10.5

Operating system(s):

AIX, HP-UX, Linux, Linux iSeries, Linux pSeries, Linux zSeries, Solaris

Software edition:

Advanced Enterprise Server, Enterprise Server, Express, Express-C, Personal, Workgroup Server

Reference #:

1470246

Modified date:

2011-07-05

Translate my page

Machine Translation

Content navigation