Get Data Moving 1
Results 1 to 7 of 7

Thread: Attunity DataSource Security under Unix System

  1. #1
    bsfaxi is offline Junior Member
    Join Date
    May 2009
    Posts
    4
    Rep Power
    0

    Attunity DataSource Security under Unix System

    Hi Everyone,

    I'am trying to setup security access to a datasource under Attunity Studio (v5.3).

    The configuration under Windows OS is working fine as described in the attached file.
    I tried to make the same steps for a Red Hat Linux OS, but it doesn't work.

    Can someone help plz?

    Thanks in advance.

  2. #2
    Join Date
    Sep 2006
    Posts
    233
    Rep Power
    10
    I tried to make the same steps for a Red Hat Linux OS, but it doesn't work.
    In what way did it not work?

    Did you see any 'interesting' errors in the daemon log file?

    Was the daemon on the Linux box has access to the password and password hashes files? Without such access, the daemon cannot verify a username and password.

    Recall that the username and password for remote access to the Attunity server are the username and password of the underlying operating system.

    /d
    By Dror Harari

    To Find Out more About Attunity Technology:
    Attunity
    or:
    Contact Us

  3. #3
    bsfaxi is offline Junior Member
    Join Date
    May 2009
    Posts
    4
    Rep Power
    0
    Hi DrorHarari,

    Thanks for your short response.

    The user who starts the Attunity Daemon is "optim". He belogns to "root" group. He has access to the password and password hashes files.

    [optim@rhe52 tmp]$ whoami
    optim
    [optim@rhe52 tmp]$ ll /etc/passwd
    -rw-r--r-- 1 root root 1968 fév 25 10:24 /etc/passwd
    [optim@rhe52 tmp]$ ll /etc/shadow
    -r--r----- 1 root root 1322 fév 25 10:24 /etc/shadow

    Under the JDBC query tool, I have this error :
    An error occurred while establishing the connection:
    Type: java.sql.SQLException Error Code: 14 SQL State:
    Message:
    [J0014] Return code is -30 060 609. [C012] Invalid username/password.

    Under the irpcd log file :
    <1> Login: optim (192.168.150.129:1113, 09-Apr-10 12:00:25)
    <1> ***ERROR*** [C012] Invalid username/password <-30060609>

  4. #4
    Join Date
    Sep 2006
    Posts
    233
    Rep Power
    10
    To find out where the problem is, let first bypass JDBC and try to directly connect to the daemon and see if it can authenticate the 'optim' user properly.

    To do this you need to work in a shell environment where the Attunity symbols are defined (e.g. by doing: source $NAVROOT/bin/nav_login.sh).

    $ irpcd -u optim test

    The program would prompt you for the password and will either say OK or "Invalid username/password". Note that if you enter an empty password and the daemon allows anonymous logins, you would also get OK so make sure to type a password.

    If we get an error then the problem is in the daemon or environment configuration. If the daemon says OK then we need to look at the JDBC environment.

    /d
    By Dror Harari

    To Find Out more About Attunity Technology:
    Attunity
    or:
    Contact Us

  5. #5
    bsfaxi is offline Junior Member
    Join Date
    May 2009
    Posts
    4
    Rep Power
    0
    Thanks for this post ...

    I have desactivated the anonymous access, and tried to connect directly with "irpcd" (all operations are done with root account this time) :

    [root@rhe52 navroot]# irpcd start
    Starting a daemon process...
    A daemon process was started

    [root@rhe52 navroot]# irpcd status
    Password: //I gave a wrong password here
    [C012] Invalid username/password
    [root@rhe52 navroot]# irpcd status
    Password: //I gave the right password here
    General IRPCD Status
    IRPCD log file: /opt/IBM/Optim/rt/navroot/tmp/irpcd.log
    IRPCD configuration: IRPCD
    Logging detail: Operations
    IRPCD process ID: 21303
    Number of logins: 3 (1 failures)
    Number of active daemon clients: 2
    Number of active client sessions: 0
    Max. number of concurrent client sessions: 0

    Active Servers Status
    Start Time PID Location & Other Information
    14-Apr-10 17:03:17 21305/root 192.168.150.128:16588:tcp:0, Usage: 0/0

    Workspace ACADMIN (Administration server)
    Usage count 1
    Available servers(#1):
    Start Time PID Location & Other Information
    14-Apr-10 17:03:17 21305 192.168.150.128:16588:tcp:0, Usage: 0/0

    OK
    [root@rhe52 navroot]# irpcd -u root test
    Password: //I gave no password here
    [C00F] Anonymous client logins are not allowed
    [root@rhe52 navroot]# irpcd -u root test
    Password: //I gave the right password here
    OK


    In the JDBC query tool, I still have the same error.
    I tried to test the java program given as a sample by the odm installation under /opt/IBM/Optim/rt/odm/java/Averify.

    1st Test :
    [root@rhe52 Averify]# java -jar averify.jar
    Enter server name (CR for localhost):
    > localhost
    Enter data source name (CR for sample):
    > NAVDEMO
    IBM Optim JDBC Archive File Access Test Started at Wed Apr 14 17:08:54 GMT+02:00 2010
    Server=localhost Default Data Source=NAVDEMO Maximum Rows=5
    Enter "quit" or "exit" (without quotes) to Terminate
    Got an exception in main
    [J0014] Return code is -30060606. [C00F] Anonymous client logins are not allowed.
    IBM Optim JDBC Archive File Access Test Ended at Wed Apr 14 17:08:55 GMT+02:00 2010

    2nd Test :
    [root@rhe52 Averify]# java -jar averify.jar
    Enter server name (CR for localhost):
    > root:password@localhost
    Enter data source name (CR for sample):
    > NAVDEMO
    IBM Optim JDBC Archive File Access Test Started at Wed Apr 14 17:13:06 GMT+02:00 2010
    Server=root:password@localhost Default Data Source=NAVDEMO Maximum Rows=5
    Enter "quit" or "exit" (without quotes) to Terminate
    Got an exception in main
    [J0014] Return code is -30060609. [C012] Invalid username/password.
    IBM Optim JDBC Archive File Access Test Ended at Wed Apr 14 17:13:06 GMT+02:00 2010

  6. #6
    Join Date
    Sep 2006
    Posts
    233
    Rep Power
    10
    Very good - so now we know that the daemon is properly configured and we need to look at the JDBC side.

    I am not familiar with the averify.jar but if it is based on the 4.8 or earlier Attunity JDBC driver then it is rather likely that you simply need to work with the 5.x JDBC driver.
    By Dror Harari

    To Find Out more About Attunity Technology:
    Attunity
    or:
    Contact Us

  7. #7
    bsfaxi is offline Junior Member
    Join Date
    May 2009
    Posts
    4
    Rep Power
    0
    Right :D ....

    I used the driver deliverd by the Attunity 4.8 installation for my first tests...
    JDBC connection now works since I put the new driver 5.3.

    Oddly, the "Averify.jar" program is still provided with the old Driver in a 5.3 installation.

    NB : For testing, I have setup only the "non anonymous access" to the workspace "Navigator" and not to the IRPCD daemon like I did for the Windows example. The connection to the datasource with the given credentials works also.

    Hope this will help someone else.
    Thanks again for your support DrorHarari.
    Bilel

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •