On 23-2-2019 13:02, Lester Caine wrote:
On 23/02/2019 11:23, Mark Rotteveel wrote:
Yes it is working, even with Firebird 3; except maybe Firebird 3.0.0
and 3.0.1 as I recall there were issues with some of the early
versions, but I can't recall if that was pre-release or not.
I beg to differ! I've just been working through this in the last few days.
Clean machine ... fresh install of SUSE 15.0/Gnome ... all software
installed onto new main disk ( data disks separate ).
Firebird 3.0.2 along with Flamerobin 0.9.3.1, nginx 1.14.0 and PHP 7.2.5
Why 3.0.2? Firebird 3.0.4 has been out for almost 5 months now (and
3.0.3 a year).
From previous experience I had stripped the firebird.conf back to
AuthServer = Legacy_Auth
AuthClient = Legacy_Auth
UserManager = Legacy_UserManager
WireCrypt = Disabled
I can add ', Srp' to UserManager and AuthClient but if I add it to
AuthServer then both Flamerobin and PHP fail to connect.
FlameRobin gives
---
Engine Code : 335544472
Engine Message :
Your user name and password are not defined. Ask your database
administrator to set up a Firebird login.
Install incomplete, please read the Compatibility chapter in the release
notes for this version
---
So currently I have
AuthServer = Legacy_Auth
AuthClient = Legacy_Auth, Srp
UserManager = Legacy_UserManager, Srp
WireCrypt = Disabled
And I am connecting and working ... AVOIDING following the Compatibility
chapter ... so where am I going wrong?
Why are you spending so much energy avoiding that chapter?
In any case, if Srp is checked before Legacy_Auth the security database
must be properly initialized for Srp. And Srp will be checked first if
AuthServer **contains** Srp (in any order) when the client starts with
Srp (the client is leading with regard to order of authentication).
If you are using a Firebird 3 fbclient that doesn't have a firebird.conf
in the same directory as the fbclient.dll / libfbclient.so, it will use
the default AuthClient setting, which has Srp first, which means an
authentication attempt with Srp will be done first. Which is likely what
happens in your case.
The AuthClient setting in the server firebird.conf is only applied when
the server acts as a client (execute statement on external datasource),
it doesn't apply to client libraries in a different location.
You need to initialize the security database for SRP to get rid of that
error. This can be done by creating a user (any user) with SRP. Creating
a user (and - if not needed - dropping that user) should be enough (see
also a similar exchange we had in January, eg my post in
firebird-support at 17 Jan 2019 21:28:16 +0100).
create user someuser password 'xyz' using plugin Srp;
commit;
-- optionally drop user
drop user someuser using plugin Srp;
commit;
I think that a lot of grief could have been avoided if SRP
initialization would have been done as part of the default
initialization of the security3.fdb in the distribution instead of
leaving that to the users.
I think in your setup you shouldn't even need to use Legacy_Auth
assuming all clients can be deployed with a Firebird 3 fbclient.
Mark
--
Mark Rotteveel
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
