Subject Re: [firebird-support] Enable authorization for legacy Firebird clients
Author Alexandre Benson Smith
HI

Em 7/7/2016 05:49, tomi.joki@... [firebird-support] escreveu:


Hi,

 

I don’t know if i have understand “Enable authorization for legacy Firebird clients” right but..

 

I just installed Firebird 3 to new development server and checked “Enable authorization for legacy Firebird clients” so I can test connection from old 2.5 clients. In this installation window I create random password like “pass1234”. When I connected to database from same server connection is okay with “pass1234”. But when I tried to connect from old development server where firebird 2.5 is installed with “pass1234” I get error “Your user name and password…”.  My surprise was when I tried connect database from old server with pasword “masterkey” that connection is succesfully.

 

I have not created user SYSDBA with “masterke” password and still I get connected in database.  So my question is that should this be like this?

 

Best regards, 

 

-          Tomi




I don't know how are your configurations, but to enabled Legacy Auth you must change:

AuthServer = Srp, Legacy_Auth

UserManager = Srp, Legacy_UserManager

WireCrypt = Enabled

after that, the server is enabled to authenticate using the old protocol.

I think you are in this point, but are unable to authenticate from other users because the other users was create by the default plugin (SRP), you must create those users using the Legacy_UserManager plug in. The SYSDBA was automatically created by the installer using the Legacy_UserManager plugin this is the reason you could connect using SYSDBA.

connect to your database and execute the following:
select sec$user_name, sec$plugin from sec$users;


You should see something like:
SEC$USER_NAME                   SEC$PLUGIN
=============================== ===============================
User1                           Srp
User2                           Srp

This indicates that the users are created but with the new SRP plugin, to authenticate legacy users you need to create them using the legacy user manager plugin.

execute this:

create user User1 password 'pas1234' using plugin Legacy_AuthManager;
commit;


after that execute this:
select sec$user_name, sec$plugin from sec$users;

You shoud see:

SEC$USER_NAME                   SEC$PLUGIN
=============================== ===============================
User1                           Srp
User2                           Srp
User1                           Legacy_UserManager


Note that you have two entries for User1, one for the SRP plugin and the other for the Legacy Authentication.

HTH

see you !