On 17-1-2019 22:11, Lester Caine [email protected] [firebird-support] 
wrote:
> On 17/01/2019 20:36, Mark Rotteveel [email protected]
> [firebird-support] wrote:
>>> WHAT am I not reading here?
>> I'd suggest to explicitly specify the user manager plugin you want to
>> use instead of leaving it to the specific configuration (doing this will
>> also detect problems if an expected user manager is not installed or not
>> the first in the list).
>>
>> Eg, use
>> create user sysdba password '..' using plugin Legacy_UserManager;
> Statement failed, SQLSTATE = 23000
> add record error
> -violation of PRIMARY or UNIQUE KEY constraint "INTEG_2" on table
> "PLG$USERS"
> -Problematic key value is ("PLG$USER_NAME" = 'SYSDBA')

Ok, then we can be 100% sure that the Legacy_Auth SYSDBA exists.

>> Note: this requires that specified plugin is listed in the UserManager
>> config in firebird.conf.
> WireCrypt = Disabled
> AuthServer = Legacy_Auth, Srp, WinSspi
> AuthClient = Legacy_Auth, Srp, Win_Sspi
> UserManager = Legacy_UserManager
> 
>> Also, what is the output of `select SEC$USER_NAME, SEC$PLUGIN from
>> SEC$USERS`?
> Got two users currently
> SYSDBA  Legacy_UserManager
> LSCES   Legacy_UserManager
> 
> AH ... strip the unused modes ...
> AuthServer = Legacy_Auth
> AuthClient = Legacy_Auth
> And I can access it from Flamerobin on the development machine.

This suggests that the client used by FlameRobin used the order Srp, 
Legacy_Auth. There were several bugs in the early Firebird 3 releases 
related to authentication, which may have been involved as well.

Checking the tracker, I think your problem is/was CORE-5485. I thought 
that was fixed, but it is still open because Alex disagrees with my 
assessment that any authentication related failure should continue with 
the next plugin until all plugins have been tried. I probably had mixed 
it up with the similar CORE-5225 which is fixed.

> But PHP gives
> fbird_connect(): Incompatible wire encryption levels requested on client
> and server
> That is PHP on the same machine as FB3

That suggests this client used a config with WireCrypt = Required (which 
isn't supported by Legacy_Auth and which you explicitly disabled on the 
server), or maybe there was a client bug that isn't listed in the 
tracker (but I don't think so).

In any case, glad to hear you fixed it by upgrading.

However, given all your methods of connecting seem to support Srp, why do 
you insist on using Legacy_Auth? (out of curiosity)

Mark
-- 
Mark Rotteveel
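
The client/server mismatch discussed in this message, as an added example that is not part of the original post or of Firebird's own code: a small Python check of a firebird.conf pair. The function names and finding codes are hypothetical, the client config is constructed, and the WireCrypt defaults (Required on the server, Enabled on the client) are assumed to be the Firebird 3 defaults.

```python
# Added example: sanity-check a Firebird 3 server/client firebird.conf pair.
# Assumed Firebird 3 defaults when WireCrypt is not set explicitly.
WIRECRYPT_DEFAULT = {"server": "Required", "client": "Enabled"}

# Server settings as quoted in the thread after stripping the unused modes.
SERVER_CONF = """
WireCrypt = Disabled
AuthServer = Legacy_Auth
UserManager = Legacy_UserManager
"""

# Constructed client config matching the hypothesis about the PHP client.
CLIENT_CONF = """
WireCrypt = Required   # constructed value, not from the thread
AuthClient = Legacy_Auth
"""

def parse_conf(text):
    """Parse 'Key = Value' lines, ignoring '#' comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip().lower()] = value.strip()
    return conf

def plugin_list(conf, key):
    """Split a comma- or space-separated plugin list, keeping its order."""
    return conf.get(key, "").replace(",", " ").split()

def check_pair(server_text, client_text):
    """Return finding codes (hypothetical names) for one server/client pair."""
    srv, cli = parse_conf(server_text), parse_conf(client_text)
    s_crypt = srv.get("wirecrypt", WIRECRYPT_DEFAULT["server"]).capitalize()
    c_crypt = cli.get("wirecrypt", WIRECRYPT_DEFAULT["client"]).capitalize()
    s_auth = plugin_list(srv, "authserver")
    c_auth = plugin_list(cli, "authclient")
    findings = []
    # One side refuses encryption while the other demands it.
    if {s_crypt, c_crypt} == {"Disabled", "Required"}:
        findings.append("wirecrypt-mismatch")
    if s_auth and c_auth:  # only judge plugin lists that are set explicitly
        common = [p for p in c_auth if p in s_auth]
        if not common:
            findings.append("no-common-auth-plugin")
        elif common == ["Legacy_Auth"] and "Required" in (s_crypt, c_crypt):
            # Legacy_Auth does not support WireCrypt = Required.
            findings.append("legacy-auth-cannot-encrypt")
    return findings

if __name__ == "__main__":
    print(check_pair(SERVER_CONF, CLIENT_CONF))
```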
