A back trace of the corresponding core file shows that the crash occurs in the nss_vas_str_to_group function in the getgrgid() call.
Example: 0x09000000016A5148 nss_vas_str_to_group + 0x3CC
In may also show up further down in the trace as follows without the nss line:
Product Defect: 268477
The fix for product defect 268477 is available in version 5.0.3 of Safeguard Authentication Services and up.
The release notes are here:
The workaround is to set the following for the DB2 instance:
DB2set -> DB2_ALTERNATE_GROUP_LOOKUP to GETUSERATTR
Please note that it is per instance as well, so if you are hosting multiple db2 instances on a system you will need to make the change on all of the instances.
NOTE: The information below this line is only needed if there are permissions issues when applying the above noted DB2set.
If DB2_ALTERNATE_GROUP_LOOKUP can be set to GETUSERATTR without issue then no further changes are required.
In order to make the above change DB2 requires that the DB2 instance owner be a direct member of the instance group. If the owner is only implied, meaning their PGID is that of the instance group but they are not actually in that group it will fail to set the value.
The fix for this is to either make the instance owner a direct member of the group or use the following setting:
1) run the following command to update the vas.conf file with the needed configuration:
/opt/quest/bin/vastool configure vas nss_vas include-implicit-members true
Then run the following command which will tell the Authentication Services vasd daemon to implement the change.
2) /opt/quest/libexec/vas/sugi/asdcom SendEntFlush
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Nutzungsbedingungen Datenschutz