KFAA31688-E


      
         User authorization using aa....aa failed. <SQLSTATE:28503>

         
            
               aa....aa: User authentication method

               
                  
                     
                        PAM: PAM authentication

                     

                     
                        Keycloak: Keycloak authentication

                     

                  

               

            
            
               bb....bb:

               
                  Cause of the error

               

            
            
               S:

               
                  Ignores this SQL statement. Alternatively, the system invalidates this transaction.

               

            
            
               Action:

               
                  Take corrective action as described in the following table: Then, run user authorization.

                  

                        
                        
                        
                        
                           
                              
                                 Information output to bb....bb

                              

                              
                                 Cause of the error

                              

                              
                                 Corrective action to take

                              

                           

                        

                        
                           
                              
                                 the specified user does not exist

                              

                              
                                 There is no external user (e.g., OS user) corresponding to the specified authorization identifier.

                              

                              
                                 Verify that there is an external user (e.g., OS user) corresponding to the specified authorization identifier. After that, specify the authorization identifier and password corresponding to the external user (e.g., OS user) that exists.

                              

                           

                           
                              
                                 the specified password has expired

                              

                              
                                 The specified password has expired.

                              

                              
                                 Update the password expiration date for the external user (e.g., OS user) corresponding to the specified authorization identifier.

                              

                           

                           
                              
                                 the specified user account has expired

                              

                              
                                 The specified user account has expired.

                              

                              
                                 Update the expiration date of the account of the external user (e.g., OS user) corresponding to the specified authorization identifier.

                              

                           

                           
                              
                                 authentication failed

                              

                              
                                 Authentication failed.

                              

                              
                                 The following describes the causes for the user authorization failure and the corrective action to take.

                                 Common to PAM authentication and Keycloak
                                    authentication:

                                 
                                    
                                       The password is invalid

                                       Check that the password is correct and enter the correct
                                          password.

                                    

                                 

                                 In the case of PAM authentication:

                                 
                                    
                                       The PAM configuration file (/etc/pam.d/hadb) does not exist

                                       Check whether the PAM configuration file exists on the server machine. If the PAM configuration file does not exist, refer to PAM Settings in PAM Authentication Preferences of the manual HADB Setup and Operation Guide to store the PAM configuration file on the server machine and set permissions.

                                    

                                    
                                       Permissions in the PAM configuration file (/etc/pam.d/hadb) are invalid

                                       Check that the permissions for the PAM configuration file are correct. If the PAM configuration file permissions are invalid, refer to PAM Settings in PAM Authentication Preferences of the manual HADB Setup and Operation Guide to set the appropriate permissions.

                                    

                                 

                                 If the above solution does not resolve the problem, please refer to the OS manual on PAM authentication errors and eliminate the cause of the error.

                                 In the case of Keycloak authentication:

                                 Detailed information about the error cause is output in
                                    the immediately preceding error message. Follow this detailed
                                    information to take appropriate action.

                              

                           

                           
                              
                                 password decryption failed

                              

                              
                                 Failed to decrypt password.

                              

                              
                                 Specify the path name of the correct public key file in the client definition's adb_clt_passwd_pubkey_path operand using an absolute path.

                                 If an error occurs when executing the command, specify the path name of the correct public key file in the server definition's adb_cmd_passwd_pubkey_path operand using an absolute path.

                              

                           

                           
                              
                                 the access token is invalid

                              

                              
                                 The access token is invalid.

                              

                              
                                 The following causes are possible. Review your settings.

                                 
                                    
                                       The access token has expired.

                                    

                                    
                                       The issuer of the access token is incorrect.

                                    

                                    
                                       A token signature algorithm not supported by HADB is being
                                          used.

                                    

                                    
                                       The hostname is not specified in
                                          the Keycloak configuration file.

                                       If the adb_auth_clt_keyc_endpoint operand is specified in
                                          the server definition and the hostname is not specified in the Keycloak
                                          configuration file, the issuer of the access token may be
                                          considered incorrect. For details about specifying hostname, see Specifying the
                                          configuration file of Configuration on the
                                          Keycloak server under Environment settings for Keycloak
                                          authentication in the manual HADB Setup and
                                          Operation Guide. After specifying the hostname, restart the Keycloak
                                          server.

                                    

                                 

                              

                           

                           
                              
                                 an error occurred in the attempt to call a PAM library function

                              

                              
                                 An error occurred while calling a PAM library function.

                              

                              
                                 Eliminate the cause of the error based on the message that was
                                    output immediately prior to this message.

                              

                           

                           
                              
                                 an error occurred in the attempt to call an OpenSSL library function

                              

                              
                                 An error occurred while calling an OpenSSL
                                    library function.

                              

                           

                           
                              
                                 an error occurred in the attempt to call a
                                    libcurl library function

                              

                              
                                 An error occurred during the call to the libcurl library
                                    function. 

                              

                           

                           
                              
                                 an error occurred in the attempt to call a
                                    jansson library function

                              

                              
                                 An error occurred during the call to the jansson library
                                    function. 

                              

                           

                           
                              
                                 an error occurred in the attempt to call a
                                    cjose library function

                              

                              
                                 An error occurred during the call to the cjose library
                                    function.

Information output to bb....bb	Cause of the error	Corrective action to take
the specified user does not exist	There is no external user (e.g., OS user) corresponding to the specified authorization identifier.	Verify that there is an external user (e.g., OS user) corresponding to the specified authorization identifier. After that, specify the authorization identifier and password corresponding to the external user (e.g., OS user) that exists.
the specified password has expired	The specified password has expired.	Update the password expiration date for the external user (e.g., OS user) corresponding to the specified authorization identifier.
the specified user account has expired	The specified user account has expired.	Update the expiration date of the account of the external user (e.g., OS user) corresponding to the specified authorization identifier.
authentication failed	Authentication failed.	The following describes the causes for the user authorization failure and the corrective action to take. Common to PAM authentication and Keycloak authentication: The password is invalid Check that the password is correct and enter the correct password. In the case of PAM authentication: The PAM configuration file (/etc/pam.d/hadb) does not exist Check whether the PAM configuration file exists on the server machine. If the PAM configuration file does not exist, refer to PAM Settings in PAM Authentication Preferences of the manual HADB Setup and Operation Guide to store the PAM configuration file on the server machine and set permissions. Permissions in the PAM configuration file (/etc/pam.d/hadb) are invalid Check that the permissions for the PAM configuration file are correct. If the PAM configuration file permissions are invalid, refer to PAM Settings in PAM Authentication Preferences of the manual HADB Setup and Operation Guide to set the appropriate permissions. If the above solution does not resolve the problem, please refer to the OS manual on PAM authentication errors and eliminate the cause of the error. In the case of Keycloak authentication: Detailed information about the error cause is output in the immediately preceding error message. Follow this detailed information to take appropriate action.
password decryption failed	Failed to decrypt password.	Specify the path name of the correct public key file in the client definition's adb_clt_passwd_pubkey_path operand using an absolute path. If an error occurs when executing the command, specify the path name of the correct public key file in the server definition's adb_cmd_passwd_pubkey_path operand using an absolute path.
the access token is invalid	The access token is invalid.	The following causes are possible. Review your settings. The access token has expired. The issuer of the access token is incorrect. A token signature algorithm not supported by HADB is being used. The hostname is not specified in the Keycloak configuration file. If the adb_auth_clt_keyc_endpoint operand is specified in the server definition and the hostname is not specified in the Keycloak configuration file, the issuer of the access token may be considered incorrect. For details about specifying hostname, see Specifying the configuration file of Configuration on the Keycloak server under Environment settings for Keycloak authentication in the manual HADB Setup and Operation Guide. After specifying the hostname, restart the Keycloak server.
an error occurred in the attempt to call a PAM library function	An error occurred while calling a PAM library function.	Eliminate the cause of the error based on the message that was output immediately prior to this message.
an error occurred in the attempt to call an OpenSSL library function	An error occurred while calling an OpenSSL library function.
an error occurred in the attempt to call a libcurl library function	An error occurred during the call to the libcurl library function.
an error occurred in the attempt to call a jansson library function	An error occurred during the call to the jansson library function.
an error occurred in the attempt to call a cjose library function	An error occurred during the call to the cjose library function.