| Subject | Re: [Firebird-Java] Re: Denied connections due to character set |
|---|---|
| Author | William L. Thomson Jr. |
| Post date | 2017-02-14T19:48:51Z |
On Tuesday, February 14, 2017 1:42:47 PM EST you wrote:
then SRP. Still migrating older stuff, so till everything is SRP I cannot
switch. It seems it is not failing back to legacy, as that should work.
then makes much more sense as to the issue.
support legacy so did not have a clear path. I will look into moving off
legacy.
AuthServer = Legacy_Auth, Srp
AuthClient = Legacy_Auth, Srp
UserManager = Legacy_UserManager, Srp
initialized, just using legacy vs srp.
Maybe that is the issue, since I think it uses encrypted.
--
William L. Thomson Jr.
[Non-text portions of this message have been removed]
>Ok, that maybe the case
> Well, the good news is this problem is not character set related. As I
> said previously, this error means that the security database isn't
> initialised.
> As you mentioned that you are able to connect with JaybirdWhy is Jaybird 3 not working with legacy authentication then?
> 2.2, the problem is probably that the security database is currently
> only initialised for legacy authentication, and not the new SRP (Secure
> Remote Password) authentication.
> Firebird 3 now has separateSeems it should be configurable like Firebird. I have Firebird setup for Legacy
> authentication plugins, which individually need to initialise the
> security database. Jaybird 3 first tries the SRP protocol, and only if
> that is explicitly rejected by Firebird it tries the legacy
> authentication.
then SRP. Still migrating older stuff, so till everything is SRP I cannot
switch. It seems it is not failing back to legacy, as that should work.
> I will need to check if this theory is right (and if I have to handleThat sounds logical. If I do not have SRP setup and it is only trying that
> this specific error also as a SRP rejection).
then makes much more sense as to the issue.
> Things you can try to also initialise the security database for SRP (I'mI thought I did, but I had some issues with that. Not to mention needed to
> not sure if all of these options work, but I currently can't test this,
> maybe tomorrow):
support legacy so did not have a clear path. I will look into moving off
legacy.
> 1) Make sure Srp is included in the UserManager setting in firebird.confIt is just reversed
> (restart the service after changing the value). Try to create a user (eg
> in flamerobin) with:
AuthServer = Legacy_Auth, Srp
AuthClient = Legacy_Auth, Srp
UserManager = Legacy_UserManager, Srp
> CREATE USER jaybird PASSWORD 'jdbc' USING PLUGIN Srp;I know I have sysdba setup. I am pretty sure the security database is
>
> You can drop the user afterwards.
>
> Try if you can connect now, otherwise try:
>
> 2) Make sure Srp is **first** in the UserManager setting in
> firebird.conf
>
> start gsec:
> gsec -user sysdba -password masterkey
>
> This might show a message that the security database is now initialised
> iirc.
initialized, just using legacy vs srp.
> If in doubt, create a user:WireCrypt = Disabled
> add jaybird -pw jdbc
>
> You can drop the user afterwards.
>
> You can revert the changes to firebird.conf of steps 1 and 2 afterwards.
>
> Let me know if it works. If it doesn't work, can you let me know from
> your firebird.conf the values of: UserManager, AuthServer, and
> WireCrypt?
Maybe that is the issue, since I think it uses encrypted.
> I will try to reproduce this problem, and let you know the actual stepsOk sounds good. I am happy to provide any information to replicate.
> to resolve this (and update the wiki and release notes).
--
William L. Thomson Jr.
[Non-text portions of this message have been removed]