Subject Re: [Firebird-Java] Re: Denied connections due to character set
Author William L. Thomson Jr.
On Tuesday, February 14, 2017 1:42:47 PM EST you wrote:
> Well, the good news is this problem is not character set related. As I
> said previously, this error means that the security database isn't
> initialised.

Ok, that maybe the case

> As you mentioned that you are able to connect with Jaybird
> 2.2, the problem is probably that the security database is currently
> only initialised for legacy authentication, and not the new SRP (Secure
> Remote Password) authentication.

Why is Jaybird 3 not working with legacy authentication then?

> Firebird 3 now has separate
> authentication plugins, which individually need to initialise the
> security database. Jaybird 3 first tries the SRP protocol, and only if
> that is explicitly rejected by Firebird it tries the legacy
> authentication.

Seems it should be configurable like Firebird. I have Firebird setup for Legacy
then SRP. Still migrating older stuff, so till everything is SRP I cannot
switch. It seems it is not failing back to legacy, as that should work.

> I will need to check if this theory is right (and if I have to handle
> this specific error also as a SRP rejection).

That sounds logical. If I do not have SRP setup and it is only trying that
then makes much more sense as to the issue.

> Things you can try to also initialise the security database for SRP (I'm
> not sure if all of these options work, but I currently can't test this,
> maybe tomorrow):

I thought I did, but I had some issues with that. Not to mention needed to
support legacy so did not have a clear path. I will look into moving off

> 1) Make sure Srp is included in the UserManager setting in firebird.conf
> (restart the service after changing the value). Try to create a user (eg
> in flamerobin) with:

It is just reversed

AuthServer = Legacy_Auth, Srp
AuthClient = Legacy_Auth, Srp
UserManager = Legacy_UserManager, Srp

> You can drop the user afterwards.
> Try if you can connect now, otherwise try:
> 2) Make sure Srp is **first** in the UserManager setting in
> firebird.conf
> start gsec:
> gsec -user sysdba -password masterkey
> This might show a message that the security database is now initialised
> iirc.

I know I have sysdba setup. I am pretty sure the security database is
initialized, just using legacy vs srp.

> If in doubt, create a user:
> add jaybird -pw jdbc
> You can drop the user afterwards.
> You can revert the changes to firebird.conf of steps 1 and 2 afterwards.
> Let me know if it works. If it doesn't work, can you let me know from
> your firebird.conf the values of: UserManager, AuthServer, and
> WireCrypt?

WireCrypt = Disabled

Maybe that is the issue, since I think it uses encrypted.

> I will try to reproduce this problem, and let you know the actual steps
> to resolve this (and update the wiki and release notes).

Ok sounds good. I am happy to provide any information to replicate.

William L. Thomson Jr.

[Non-text portions of this message have been removed]