Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2597: Security processing failed with reason "24" ("USERNAME AND/OR PASSWORD INVALID")"

Centrify DirectControl ,   Centrify DirectControl Plugins ,  

12 April,16 at 11:08 AM

Applies to: All versions of Centrify DirectControl for IBM DB2 on RHEL platforms.

Question:

After following the manual steps to configure Centrify's DB2 for Applications, the local user's credentials fail.
(Document: http://www.centrify.com/downloads/products/documentation/suite2012/ga/centrify-dc-db2.pdf, Page 11)

Example:
Attempts to login as the db2 instance user udb110003 (where udb110003 is the name of the instance). 
The user does not exist in AD. Only the username/password plugin is setup.

When executing "db2 connect to sample user udb110003", the console returns:

  Security processing failed with reason "24" ("USERNAME AND/OR PASSWORD INVALID")

From /var/log/secure:

db2userpass_checkpwd: PAM unable to dlopen(/lib/security/system-auth)
db2userpass_checkpwd: PAM [error: /lib/security/system-auth: cannot open shared
object file: No such file or directory] 
db2userpass_checkpwd: PAM adding faulty module: / lib/security/system-auth

Answer:

There is a mistake in the documentation:

On the DB2 server, modify /etc/pam.d/centrifydc_db2userpass as follows: 

auth include system-auth 
auth required pam_nologin.so 
account include system-auth

Note: Using setupdb2.sh (instead of manual configuration), will create /etc/pam.d/centrifydc_db2userpass with the following contents:

auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth

After these steps, restart Centrify (service centrifydc restart) and DB2 (optional).

If the local user still has an issue connecting to instance, please contact Support.

Centrify will be correcting this mistake in future documentation.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.