Firebird 3 sysdba password stunning issue

1

5

I migrated from Firebird 2.5.x to 3.0. I have changed firebird.conf:

WireCrypt = Enabled
AuthServer = Legacy_Auth, Srp, Win_Sspi

After that, here is what happened:

I can connect from the Netbeans IDE using SYSDBA with masterkey. I can connect from FlameRobin (database admin tool) using SYSDBA with another password. I cannot connect from the WildFly server using SYSDBA with that other password.

I am really wondering!!

Nth answered 23/4, 2016 at 16:54 Comment(5)
Maybe the FlameRobin connection is done through an embedded server which doesn't check passwords at all. - Norsworthy
Okay, why does FlameRobin reject the connection with "masterkey"? - Nth
What value does the SecurityDatabase parameter have in firebird.conf? - Norsworthy
Can I assume you are using Jaybird 2.2.x? - Corrigible
Yes, I am using Jaybird 2.2.10. - Nth
8

I assume you are using Jaybird 2.2.x (or earlier) when connecting from Netbeans and Wildfly. With Firebird 3 a new authentication model was introduced called SRP (Secure Remote Password). Jaybird 2.2.x doesn't support this new authentication model (support will be added in Jaybird 3.0), so you need to use the Legacy_Auth plugin.

Users have a separate identity per plugin; this means that you (can) have two users with the name SYSDBA, one for SRP and one for Legacy_Auth. These users have their own passwords.

So when you connect from Netbeans and Wildfly, you need to specify the password of the legacy authentication user. This password appears to be masterkey, or actually: masterke, as legacy passwords are only 8 characters.

When you connect from FlameRobin, you can use the 'other' password (of the SRP SYSDBA user), as FlameRobin uses the Firebird 3 fbclient.dll/libfbclient.so and therefore supports the new SRP authentication model.

As far as I know, FlameRobin should also be able to authenticate with the password of the legacy SYSDBA user (when login fails, it should try the next plugin). I will test that tomorrow.

Corrigible answered 23/4, 2016 at 19:55 Comment(4)
@Nth I suspect the 'problem' with FlameRobin might be due to the order of plugins. You have set AuthServer to try Legacy_Auth first, while the (default) for AuthClient is to try Srp first. I'll try that tomorrow. - Corrigible
Is it important to set the same order both for client and server? - Nth
@Nth I commented earlier that it doesn't depend on order, but it does; I'm not exactly sure which combination allows or disallows it. It seems a bit fishy. - Corrigible
@Nth It seems to be a combination of the order in which plugins are tried, and that the first plugin for which the username is known will reject and end the authentication if the password is wrong. I still think it is a bug, and I have asked the Firebird core developers for clarification. - Corrigible
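
The per-plugin identities described in the answer above can be inspected and managed from isql. This is an added example, not part of the original posts; it assumes firebird.conf lists both user managers (UserManager = Srp, Legacy_UserManager) and that the session is opened by an administrator, and the passwords shown are placeholders.

```sql
-- Added example (not from the original thread). Run in isql as an
-- administrator against a database that uses the server's security database.
-- Assumption: firebird.conf contains  UserManager = Srp, Legacy_UserManager

-- 1. List every account together with the user manager plugin that owns it.
--    Two rows named SYSDBA, one per plugin, mean two independent passwords.
SELECT SEC$USER_NAME, SEC$PLUGIN, SEC$ACTIVE, SEC$ADMIN
FROM SEC$USERS
ORDER BY SEC$USER_NAME, SEC$PLUGIN;

-- 2. Set the password of the Srp identity, the one checked for clients
--    that use the Firebird 3 fbclient library (FlameRobin in the question).
ALTER USER SYSDBA PASSWORD '<srp-password-placeholder>' USING PLUGIN Srp;

-- 3. Set the password of the legacy identity, the one checked for clients
--    limited to Legacy_Auth (Jaybird 2.2.x in the question). Only the first
--    8 characters of a legacy password are significant, so a default such as
--    masterkey should be replaced rather than left in place.
ALTER USER SYSDBA PASSWORD '<legacy-password-placeholder>'
  USING PLUGIN Legacy_UserManager;

-- 4. Re-run the listing to confirm both identities still exist and are active.
SELECT SEC$USER_NAME, SEC$PLUGIN, SEC$ACTIVE
FROM SEC$USERS
WHERE SEC$USER_NAME = 'SYSDBA';
```

Once every client supports SRP, Legacy_Auth can be removed from AuthServer so the 8-character legacy identity is no longer accepted for login.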
