| Subject | Re: [Firebird-Java] Re: Denied connections due to character set |
|---|---|
| Author | Mark Rotteveel |
| Post date | 2017-02-14T18:42:47Z |
On 2017-02-14 17:43, 'William L. Thomson Jr.' wlt-ml@...
[Firebird-Java] wrote:
said previously, this error means that the security database isn't
initialised. As you mentioned that you are able to connect with Jaybird
2.2, the problem is probably that the security database is currently
only initialised for legacy authentication, and not the new SRP (Secure
Remote Password) authentication. Firebird 3 now has separate
authentication plugins, which individually need to initialise the
security database. Jaybird 3 first tries the SRP protocol, and only if
that is explicitly rejected by Firebird it tries the legacy
authentication.
I will need to check if this theory is right (and if I have to handle
this specific error also as a SRP rejection).
Things you can try to also initialise the security database for SRP (I'm
not sure if all of these options work, but I currently can't test this,
maybe tomorrow):
1) Make sure Srp is included in the UserManager setting in firebird.conf
(restart the service after changing the value). Try to create a user (eg
in flamerobin) with:
CREATE USER jaybird PASSWORD 'jdbc' USING PLUGIN Srp;
You can drop the user afterwards.
Try if you can connect now, otherwise try:
2) Make sure Srp is **first** in the UserManager setting in
firebird.conf
start gsec:
gsec -user sysdba -password masterkey
This might show a message that the security database is now initialised
iirc.
If in doubt, create a user:
add jaybird -pw jdbc
You can drop the user afterwards.
You can revert the changes to firebird.conf of steps 1 and 2 afterwards.
Let me know if it works. If it doesn't work, can you let me know from
your firebird.conf the values of: UserManager, AuthServer, and
WireCrypt?
I will try to reproduce this problem, and let you know the actual steps
to resolve this (and update the wiki and release notes).
Mark
[Firebird-Java] wrote:
> On Tuesday, February 14, 2017 11:21:08 AM EST 'William L. Thomson Jr.'Well, the good news is this problem is not character set related. As I
> wlt-
> ml@... [Firebird-Java] wrote:
>> On Tuesday, February 14, 2017 4:54:22 AM EST Mark Rotteveel
>>
>> mark@... [Firebird-Java] wrote:
>> > On 14-2-2017 04:24, 'William L. Thomson Jr.' wlt-ml@...
>> >
>> > You should almost never have a reason to touch the file.encoding
>> > setting. Why are you setting this value?
>>
>> I am just trying to connect via ANY means.
>>
>> > If you are setting it to control how NONE works, then you would be
>> > better off specifying both the connection encoding NONE and the Java
>> > character set with lc_ctype=NONE&charSet=iso-8859-1, although just
>> > specifying charSet=iso-8859-1 is probably better in that case.
>>
>> Ok I will try that. That is exactly the combination I was saying the
>> documentation was vague. Its probably been there for some time, but I
>> was
>> not aware that lc_type and charSet could be used together or in that
>> manner. That may be exactly how it will work for me. The only way I
>> can
>> connect using Jaybird 3.
>
> I tried lc_ctype=NONE&charSet=iso-8859-1 and just charSet=iso-8859-1.
> Both
> produced
>
> java.sql.SQLException: Your user name and password are not defined. Ask
> your
> database administrator to set up a Firebird login.; Install incomplete,
> please
> read the Compatibility chapter in the release notes for this version
> [SQLState:28000, ISC error code:335544472]
said previously, this error means that the security database isn't
initialised. As you mentioned that you are able to connect with Jaybird
2.2, the problem is probably that the security database is currently
only initialised for legacy authentication, and not the new SRP (Secure
Remote Password) authentication. Firebird 3 now has separate
authentication plugins, which individually need to initialise the
security database. Jaybird 3 first tries the SRP protocol, and only if
that is explicitly rejected by Firebird it tries the legacy
authentication.
I will need to check if this theory is right (and if I have to handle
this specific error also as a SRP rejection).
Things you can try to also initialise the security database for SRP (I'm
not sure if all of these options work, but I currently can't test this,
maybe tomorrow):
1) Make sure Srp is included in the UserManager setting in firebird.conf
(restart the service after changing the value). Try to create a user (eg
in flamerobin) with:
CREATE USER jaybird PASSWORD 'jdbc' USING PLUGIN Srp;
You can drop the user afterwards.
Try if you can connect now, otherwise try:
2) Make sure Srp is **first** in the UserManager setting in
firebird.conf
start gsec:
gsec -user sysdba -password masterkey
This might show a message that the security database is now initialised
iirc.
If in doubt, create a user:
add jaybird -pw jdbc
You can drop the user afterwards.
You can revert the changes to firebird.conf of steps 1 and 2 afterwards.
Let me know if it works. If it doesn't work, can you let me know from
your firebird.conf the values of: UserManager, AuthServer, and
WireCrypt?
I will try to reproduce this problem, and let you know the actual steps
to resolve this (and update the wiki and release notes).
Mark