Subject | Re: [firebird-support] Changing SYSDBA password |
---|---|
Author | Mark Rotteveel |
Post date | 2018-09-11T09:42:03Z |
On 11-9-2018 10:09, Tony Christiansen tony@...
[firebird-support] wrote:
> I am using FB 3.0 and had the SYSDBA pw as masterkey.
With Firebird 3, the users are per authentication plugin. By default
>
> I changed it per the notes as I understood ie opened a database and ran
> this query
>
> alter user sysdba set password 'newpassword'
>
> It committed ok with no errors but I can still open databases using
> SYSDBA and masterkey as the password. I expected when I changed the
> password I would not be able to open any databases with the old password.
>
> I tried restarting the FB server but no change.
>
> Am I missing a step?

Firebird 3 has two distinct authentication plugins: Srp and Legacy_Auth.
You have now changed one SYSDBA (check the UserManager setting in
firebird.conf to see which), while you're authenticating with the other.

You need to either change both SYSDBA accounts, or disable the least
secure authentication model (Legacy_Auth) by removing it from the
`AuthServer` setting.

To change both SYSDBA users, make sure that the UserManager setting in
firebird.conf is set as:

    UserManager = Srp, Legacy_UserManager

Then restart Firebird and use

    alter user sysdba set password 'newpassword' using plugin Srp;
    alter user sysdba set password 'newpassword' using plugin Legacy_UserManager;

If you leave off `using plugin ...`, the default user manager is used
(which is the first in the UserManager list).

Alternatively, consider dropping the legacy sysdba account so you only
retain the more secure Srp account:

    drop user sysdba using plugin Legacy_UserManager;

Only do this when you don't use tools or drivers that still rely on
legacy authentication.

Mark
--
Mark Rotteveel
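
The following is an added example, not part of the original post: a small audit of a firebird.conf that reports which user manager a plain `alter user` targets and which enabled authentication plugins keep a separate, unchanged SYSDBA. The sample configuration is constructed, and the fallback values used when a key is commented out are assumptions to verify against your own firebird.conf.

```python
import re

# Auth plugin -> user manager holding its accounts (plugin names from the post).
MANAGER_FOR = {"Srp": "Srp", "Legacy_Auth": "Legacy_UserManager"}
# Assumption: value used when a key is absent or commented out. Verify against
# the comments in your own firebird.conf.
ASSUMED_DEFAULT = {"AuthServer": ["Srp"], "UserManager": ["Srp"]}

# Constructed sample, not taken from the thread.
SAMPLE_CONF = """\
# firebird.conf (constructed sample)
AuthServer = Srp, Legacy_Auth
#UserManager = Srp
"""

def parse_conf(text):
    """Return {key: [values]} for uncommented 'Key = a, b' lines."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*=\s*(.*)", line.split("#", 1)[0])
        if m:
            conf[m.group(1)] = [v for v in re.split(r"[,\s]+", m.group(2)) if v]
    return conf

def audit(text):
    """Report which SYSDBA accounts an unqualified ALTER USER leaves untouched."""
    conf = parse_conf(text)
    auth = conf.get("AuthServer") or ASSUMED_DEFAULT["AuthServer"]
    managers = conf.get("UserManager") or ASSUMED_DEFAULT["UserManager"]
    # Only plugins with a known user manager are checked; others are skipped.
    known = [p for p in auth if p in MANAGER_FOR]
    return {
        # First entry in UserManager is what ALTER USER uses without USING PLUGIN.
        "default_manager": managers[0],
        # Enabled auth plugins whose SYSDBA a plain ALTER USER does not change.
        "untouched_by_plain_alter_user": [p for p in known if MANAGER_FOR[p] != managers[0]],
        # Managers to list in UserManager before changing those accounts.
        "add_to_UserManager": [MANAGER_FOR[p] for p in known if MANAGER_FOR[p] not in managers],
        "legacy_auth_enabled": "Legacy_Auth" in auth,
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONF).items():
        print(f"{key}: {value}")
```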