Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-2597: Security processing failed with reason "24" ("USERNAME AND/OR PASSWORD INVALID")"

12 April,16 at 11:08 AM

Applies to: All versions of Centrify DirectControl for IBM DB2 on RHEL platforms.


After following the manual steps to configure Centrify's DB2 for Applications, the local user's credentials fail.
(Document:, Page 11)

Attempts to login as the db2 instance user udb110003 (where udb110003 is the name of the instance). 
The user does not exist in AD. Only the username/password plugin is setup.

When executing "db2 connect to sample user udb110003", the console returns:

  Security processing failed with reason "24" ("USERNAME AND/OR PASSWORD INVALID")

From /var/log/secure:

db2userpass_checkpwd: PAM unable to dlopen(/lib/security/system-auth)
db2userpass_checkpwd: PAM [error: /lib/security/system-auth: cannot open shared
object file: No such file or directory] 
db2userpass_checkpwd: PAM adding faulty module: / lib/security/system-auth


There is a mistake in the documentation:

On the DB2 server, modify /etc/pam.d/centrifydc_db2userpass as follows: 

auth include system-auth 
auth required 
account include system-auth

Note: Using (instead of manual configuration), will create /etc/pam.d/centrifydc_db2userpass with the following contents:

auth       required service=system-auth
auth       required
account    required service=system-auth

After these steps, restart Centrify (service centrifydc restart) and DB2 (optional).

If the local user still has an issue connecting to instance, please contact Support.

Centrify will be correcting this mistake in future documentation.