Connecting to FB4/5 with old fbclient

[Florian Hector]

Hi,

I need to connect to a FB4 or FB5 database using the latest fbclient.dll (2.5.9.27130) running on
Win2000 (OS cannot be upgraded for the time being).
The comments in firebird.conf seem to suggest that this is possible, alas all my trials with
different settings regarding ServerAuth, ClientAuth and UserManager end with the error "Connection
rejected by remote interface".

So, is it at all possible or am I wasting my time.

Thanks for any help

Florian

[Dimitry Sibiryakov]

Florian Hector wrote 07.05.2026 17:25:
> The comments in firebird.conf seem to suggest that this is possible, alas all my
> trials with different settings regarding ServerAuth, ClientAuth and UserManager
> end with the error "Connection rejected by remote interface".
>
> So, is it at all possible or am I wasting my time.

Yes, it should be possible.

Most likely you forgot to switch "WireEncryption" from "required" to
"enabled" in the server's firebird.conf in additional to adding "Legacy_Auth" to
"AuthServer".

--
WBR, SD.

[Mark Rotteveel]

Yes it is possible, but in the server's firebird.conf

1) AuthServer (not ServerAuth) must include Legacy_Auth (preferably
*after* the more secure authentication plugins), e.g.

AuthServer = Srp256, Srp, Legacy_Auth


2) WireCrypt must be set to Enabled (or Disabled, but use of Enabled is
preferred so you don't remove encryption for clients that do support
it); the default is Required (which is what causes your current error), so:

WireCrypt = Enabled

3) You need to add Legacy_UserManager to UserManager, so:

UserManager = Srp, Legacy_UserManager

If UserManager is currently commented out, or explicitly configured to
Srp, *do not* add Legacy_UserManager first, and *do not* remove Srp, as
that will lower security as unqualified user management statements
(without USING PLUGIN) and deprecated gsec will then manage less secure
legacy users by default, and it could break things (like listing all
users, or users managing their own password)

4) You must create a user using this legacy user manager:

create user THE_USER password 'thepassword' using plugin Legacy_UserManager;

A user created with Srp cannot be authenticated by an old client (users
exist per user manager).

The setting AuthClient (not ClientAuth) is not involved at all (it
essentially configures the server as client, and other applications in
the Firebird installation).

See also the instructions I wrote for Jaybird 2.2 (which basically had
the same limitations as the Firebird 2.5 or older fbclient.dll):

https://github.com/FirebirdSQL/jaybird/wiki/Jaybird-and-Firebird-3#jaybird-22-and-earlier

Mark
--
Mark Rotteveel

[Florian Hector]

Hi Dimitry and Mark,

finally with your help it works. The error with the not recognized user came up before but who would
have thought the it makes a difference how the user was created.

Anyway, thank both of you very much.

F.