Changing SYSDBA password

[Ertan Küçükoglu]

Hello,

I am using FirebirdSQL 4.0.1 on a Windows system. I have following lines (default) in my databases.conf

security.db = $(dir_secDb)/security4.fdb

{

RemoteAccess = false

DefaultDbCachePages = 256

}

I have following lines in my firebird.conf file

AuthClient = Legacy_Auth, Srp256, Srp #Windows clients

UserManager = Legacy_UserManager

WireCrypt = Enabled

I am doing following to change my SYSDBA password:

- Stop FirebirdSQL service

- go to FirebirdSQL installation directory

- run "isql -user sysdba security4.fdb"

- execute "alter user sysdba password '12345' using plugin Legacy_UserManager;"

- I tried both long and 8 character passwords just in case

- commit and quit

- run FirebirdSQL service

- Try to login with a new password and I get "your username or password is not defined" error.

Unfortunately, that does not work for me and the new password is not working. I see just one user if I check for user list

SQL> show users;

Users in the database

  2 #SYSDBA

SQL>

There is only one FirebirdSQL 4.0 installation on my system. There is just security4.fdb and security4.fdb.empty files in the installation path.

I have no idea why changing the password is not working for me. I appreciate any help on changing my SYSDBA password.

Thanks & Regards,

Ertan Küçükoğlu

[Dimitry Sibiryakov]

Ertan Küçükoglu wrote 11.03.2022 17:32:
> - execute "alter user sysdba password '12345' using plugin Legacy_UserManager;"
>

> I have no idea why changing the password is not working for me.

Most likely you have SYSDBA in Srp user manager, not legacy one.

--
WBR, SD.

[Mark Rotteveel]

On 11-03-2022 17:32, Ertan Küçükoglu wrote:
> I am using FirebirdSQL 4.0.1 on a Windows system. I have following lines
> (default) in my databases.conf

[..]

> I have following lines in my firebird.conf file
>
> AuthClient = Legacy_Auth, Srp256, Srp #Windows clients
> UserManager = Legacy_UserManager
> WireCrypt = Enabled

What is your AuthServer setting?

> I am doing following to change my SYSDBA password:
> - Stop FirebirdSQL service
> - go to FirebirdSQL installation directory
> - run "isql -user sysdba security4.fdb"
> - execute "alter user sysdba password '12345' using plugin
> Legacy_UserManager;"
> - I tried both long and 8 character passwords just in case
> - commit and quit
> - run FirebirdSQL service
> - Try to login with a new password and I get "your username or password
> is not defined" error.
>
> Unfortunately, that does not work for me and the new password is
> not working. I see just one user if I check for user list
>
> SQL> show users;
> Users in the database
>   2 #SYSDBA
> SQL>
>
> There is only one FirebirdSQL 4.0 installation on my system. There is
> just security4.fdb and security4.fdb.empty files in the installation path.
>
> I have no idea why changing the password is not working for me. I
> appreciate any help on changing my SYSDBA password.

Set `UserManager` to `UserManager = Legacy_UserManager, Srp`, and also
alter SYSDBA for Srp (or if it doesn't exist yet, create it). Possibly
the application you're trying to use tries only Srp or Srp256 and not
Legacy_Auth, or the AuthServer is not set, so only Srp256 is accepted
(the default).

As an aside, you don't need to connect to the security database to
change the password: any local database will do.

Mark
--
Mark Rotteveel

[Ertan Küçükoglu]

My AuthServer setting is default as below:

#AuthServer = Srp256

How can I create SYSDBA for Srp? Below didn't work for me.

SQL> create user sysdba password '12345' using plugin Srp;

Statement failed, SQLSTATE = 28000

User management plugin is missing or failed to load

SQL>

Thanks & Regards,

Ertan Küçükoğlu

Mark Rotteveel <ma...@lawinegevaar.nl>, 11 Mar 2022 Cum, 19:47 tarihinde şunu yazdı:

--
You received this message because you are subscribed to the Google Groups "firebird-support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebird-suppo...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/firebird-support/96e95ced-c7f2-ddde-f843-9fcd62a6e072%40lawinegevaar.nl.

[Mark Rotteveel]

On 11-03-2022 18:04, Ertan Küçükoglu wrote:
> My AuthServer setting is default as below:
>
> #AuthServer = Srp256
>
> How can I create SYSDBA for Srp? Below didn't work for me.
>
> SQL> create user sysdba password '12345' using plugin Srp;
> Statement failed, SQLSTATE = 28000
> User management plugin is missing or failed to load
> SQL>

In your previous mail you stated that you had the following setting in
your firebird.conf:

UserManager = Legacy_UserManager

That means that the Srp user manager is not loaded, so you cannot use
it. Change it to

UserManager = Legacy_UserManager, Srp

or, IMHO better (as then CREATE/ALTER/DROP USER default to Srp):

UserManager = Srp, Legacy_UserManager

or, if you don't use Legacy_Auth at all:

UserManager = Srp

Mark

--
Mark Rotteveel

[Ertan Küçükoglu]

Actually, all I would like is to change the SYSDBA password with the given configuration and I cannot.

I am not after using Srp and only tried to add/set it because it may be a reason for me that my SYSDBA password change attempts are not working.

Thanks & Regards,

Ertan

Mark Rotteveel <ma...@lawinegevaar.nl>, 11 Mar 2022 Cum, 20:16 tarihinde şunu yazdı:

--
You received this message because you are subscribed to the Google Groups "firebird-support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebird-suppo...@googlegroups.com.

To view this discussion on the web, visit https://groups.google.com/d/msgid/firebird-support/2e0c328c-c3d9-9081-9622-e1244e8cd693%40lawinegevaar.nl.

[Mark Rotteveel]

On 11-03-2022 18:49, Ertan Küçükoglu wrote:
> Actually, all I would like is to change the SYSDBA password with the
> given configuration and I cannot.
> I am not after using Srp and only tried to add/set it because it may be
> a reason for me that my SYSDBA password change attempts are not working.

You're currently using a server configuration that *only* accepts Srp256
as the authentication plugin, while you have configured the password of
a Legacy_UserManager/Legacy_Auth user. That *cannot* work.

Users exist *per user manager*, and each user manager is associated with
on or more authentication plugins. That is Legacy_UserManager ->
Legacy_Auth, and Srp -> Srp, Srp256, Srp224, Srp384, Srp512.

This means that you must do one of two things:

1) Add Srp to the UserManager setting and create (or alter) SYSDBA using
plugin Srp so you can authenticate using the Srp256 authentication plugin

or

2) Add Legacy_Auth to the AuthServer plugin so you can authenticate
using Legacy_Auth with the password you configured through the
Legacy_UserManager.

Mark

> Mark Rotteveel <ma...@lawinegevaar.nl <mailto:ma...@lawinegevaar.nl>>, 11

> <mailto:firebird-support%2Bunsu...@googlegroups.com>.

> To view this discussion on the web, visit
> https://groups.google.com/d/msgid/firebird-support/2e0c328c-c3d9-9081-9622-e1244e8cd693%40lawinegevaar.nl

> <https://groups.google.com/d/msgid/firebird-support/2e0c328c-c3d9-9081-9622-e1244e8cd693%40lawinegevaar.nl>.

>
> --
> You received this message because you are subscribed to the Google
> Groups "firebird-support" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to firebird-suppo...@googlegroups.com

> <mailto:firebird-suppo...@googlegroups.com>.

> To view this discussion on the web, visit

> https://groups.google.com/d/msgid/firebird-support/CAH2i4ydaXWGHVERM2-HTzuB%2BTgZ6meOJTxy8gvEmNx8aTOwGmw%40mail.gmail.com
> <https://groups.google.com/d/msgid/firebird-support/CAH2i4ydaXWGHVERM2-HTzuB%2BTgZ6meOJTxy8gvEmNx8aTOwGmw%40mail.gmail.com?utm_medium=email&utm_source=footer>.


--
Mark Rotteveel