Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

DBD::Sybase with Repserver and password encryption

by Anonymous Monk
on May 20, 2020 at 10:16 UTC ( #11116973=perlquestion: print w/replies, xml ) Need Help??

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hello monks

I have an issue using DBD::Sybase and Repserver with the encryptPassword flag set

#!/usr/bin/perl -w use strict; use DBI; my $server="MY_REPSERVER"; my $user="repserv_user"; my $pass="welcome"; my $dbh = DBI->connect("dbi:Sybase:server=$server", loginTimeout=20;ti +meout=60;encryptPassword=1, $user, $pass,{ PrintError => 0, # Don't print + warning messages RaiseError => 1 } ); my $sth = $dbh->prepare("Admin who_is_down"); $sth->execute;

This is the error it produces

DBI connect('server=MY_REPSERVER;loginTimeout=20;timeout=60;encryptPas +sword=1','repserv_user',...) failed: Server message number=14021 seve +rity=12 state=0 line=0 server=MY_REPSERVER text=Invalid login attempt +ed by user 'repserv_user' OpenClient message: LAYER = (4) ORIGIN = (1 +) SEVERITY = (4) NUMBER = (44) Server MY_REPSERVER, database Message String: ct_connect(): protocol specific layer: external error: + The attempt to connect to the server failed.

The target Sybase repserver and corresponding RSSD server have network password enabled which is a security requirement we have to abide by

I raised a case with SAP about this but they say it's only an issue with Perl and were not able to assist. Using isql/sqsh I have no issues. But due to the huge amount of perl code we have I'd like to resolve this issue if possible without reverting to using an alternative

The code above works fine when the encryptPassword=1 is not set but it then invaildates the security requirement. The same code works fine against a Sybase ASE with encryptPassword=1 set

We are using the latest version of DBD::Sybase that was released (yes I am aware it is fairly old now)

Has anybody seen this issue before or can maybe shed some light on how I overcome this problem ?

Thanks in advance

Replies are listed 'Best First'.
Re: DBD::Sybase with Repserver and password encryption
by parv (Vicar) on May 21, 2020 at 02:15 UTC

    I don't have much to offer but only a point of investigation: does encrypted password actually reach replication server as such via isql?

    From OP, seems like RSSD hosted separately from replication server. That in ASE 15 era could be served via ASE itself. So, are you able to connect to RSSD server with encryptPassword = 1?

      Yes I can connect to the RSSD server which is an ASE using the encryptPassword=1 if my example is changed to point at the RSSD instead

      If I am using isql then using the isql equivalent (isql -X) of the DBD::Sybase encryptPassword=1 works fine. It also works if I use sqsh -X. The only thing that does not work is the perl code version

      Is there any extra tracing I can add to the dbi call to see if that shows anymore diagnstic information that might be of assistance ?

        Per Jan 2005 thread, you may need to turn off transaction and/or assign error handler callback sub when connecting to replication server. OTOH if you can connect to replication server without encryptPassword and can execute a command successfully, then I don't see how that advice would help.

        (Some of the bug reports are available on Michael P's (maintainer's) website, e.g. 441: amdmin who,sqm fails while in a transaction, 2002.)

        Could you list the versions of ...

        • perl & DBD::Sybase;
        • the external libraries (e.g. freetds or ones from AES) that DBD::Sybase uses;
        • isql;
        • Replication Server
        ... for possibly others to help?

        You could do DBI->trace(4); before connect() to see where the issue is at more granular level.

        At this point all I can say is to check that encrypted passwords match as sent by isql & DBD::Sybase (say, via tcpdump or some other network packet analyzer) to the replication server.

Re: DBD::Sybase with Repserver and password encryption
by Anonymous Monk on May 20, 2020 at 12:23 UTC

    Updated example code

    use strict; use warnings; use DBI; use DBD::Sybase; my $server="MY_REPSERVER"; my $user="reserv_user"; my $pass="welcome"; my $DbiTarget="dbi:Sybase:server=$server"; $DbiTarget .= ";encryptPassword=1"; my $dbh = DBI->connect($DbiTarget, $user, $pass); my $sth = $dbh->prepare("Admin who_is_down"); $sth->execute;
      ... which doesn't work, yes?

        That is correct

        If this line is commented out then it works

         $DbiTarget .= ";encryptPassword=1";
        A reply falls below the community's threshold of quality. You may see it by logging in.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://11116973]
Approved by marto
Front-paged by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (6)
As of 2020-06-05 10:32 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Do you really want to know if there is extraterrestrial life?



    Results (37 votes). Check out past polls.

    Notices?