| Title: | Oracle Rdb - Still a strategic database for DEC on Alpha AXP! |
| Notice: | RDB_60 is archived, please use RDB_70��.. |
| Moderator: | NOVA::SMITHI�SON |
| Created: | Fri Mar 18 1994 |
| Last Modified: | Thu May 29 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 5118 |
| Total number of notes: | 28246 |
Hi,
OpenVMS V6.2 (VAX or Alpha)
Rdb V6.1A or V6.1-04
UCX=DEC TCP/IP Services for OpenVMS VAX Version V3.3 - ECO Level 1
DEC TCP/IP Services for OpenVMS AXP Version V3.3 - ECO Level 1
A customer is experiencing a problem with Rdb remote proxy access using TCP/IP.
Remote proxy access using DECNET works fine. Remote access using TCP/IP
works fine when a username and password is specified, and the rdbserver object
does not have the proxy flag set. Proxy access to the same node (FORCE)
using the TCP/IP RSH service works also.
If the rdbserver object has the proxy flag set, NEITHER remote proxy access or
explicit remote access works. The request hangs. Notice that the RDB_BG9250
process is never created.
I have reproduced this behavior on our Oracle Test cluster. It looks like a
bug, but maybe there is another answer.
Below is the output produced when the dsp_debug_flags is defined to true in
the RDB$CLIENT_DEFAULTS.DAT file. I have also included the information from
UCX.
Input is appreciated.
Thanks,
Lisa
*** UNSUCCESSFUL PROXY ACCESS ***
BLANCA>ucx
UCX> show service rdbserver /full
Service: RDBSERVER
State: Enabled
Port: 1 Protocol: TCP Address: 0.0.0.0
Inactivity: 5 User_name: RDB$REMOTE Process: RDB
Limit: 10 Active: 0 Peak: 0
File: SYS$SYSTEM:RDBSERVER.COM
Flags: Listen Proxy
Socket Opts: Rcheck Scheck
Receive: 0 Send: 0
Log Opts: None
File: not defined
Security
Reject msg: not defined
Accept host: 0.0.0.0
Accept netw: 0.0.0.0
UCX> show service rsh /full
Service: RSH
State: Enabled
Port: 514 Protocol: TCP Address: 0.0.0.0
Inactivity: 5 User_name: Process: UCX$RSHD
Limit: 3 Active: 0 Peak: 1
File: SYS$SYSDEVICE:[UCX$RSH]UCX$RSHD_STARTUP.COM
Flags: Case Listen Proxy Rexe
Socket Opts: Rcheck Scheck
Receive: 0 Send: 0
Log Opts: Acpt Actv Dactv Conn Error Exit Mdfy Rjct TimO Addr
File: not defined
Separators:
Port: 0 User_name: 0 Password: 0 Command: 0
Security
Reject msg: not defined
Accept host: 0.0.0.0
Accept netw: 0.0.0.0
UCX> show proxy lsmith
VMS User_name Type User_ID Group_ID Host_name
LSMITH CD LSMITH LONGS
LSMITH C LSMITH BLANCA
LONGS>ucx
UCX> show service rdbserver /full
Service: RDBSERVER
State: Enabled
Port: 1 Protocol: TCP Address: 0.0.0.0
Inactivity: 5 User_name: RDB$REMOTE Process: RDB
Limit: 10 Active: 0 Peak: 0
File: SYS$SYSTEM:RDBSERVER.COM
Flags: Listen Proxy
Socket Opts: Rcheck Scheck
Receive: 0 Send: 0
Log Opts: None
File: not defined
Security
Reject msg: not defined
Accept host: 0.0.0.0
Accept netw: 0.0.0.0
UCX> show service rsh /full
Service: RSH
State: Enabled
Port: 514 Protocol: TCP Address: 0.0.0.0
Inactivity: 5 User_name: Process: UCX$RSHD
Limit: 3 Active: 0 Peak: 1
File: SYS$SYSDEVICE:[UCX$RSH]UCX$RSHD_STARTUP.COM
Flags: Case Listen Proxy Rexe
Socket Opts: Rcheck Scheck
Receive: 0 Send: 0
Log Opts: Acpt Actv Dactv Conn Error Exit Mdfy Rjct TimO Addr
File: not defined
Separators:
Port: 0 User_name: 0 Password: 0 Command: 0
Security
Reject msg: not defined
Accept host: 0.0.0.0
Accept netw: 0.0.0.0
UCX> show proxy lsmith
VMS User_name Type User_ID Group_ID Host_name
LSMITH CD LSMITH BLANCA
BLANCA>type sys$login:RDB$CLIENT_DEFAULTS.DAT
sql_network_transport_type tcpip
dsp_debug_flags true
BLANCA>define/system RDB$SYSTEM_DEFAULTS sys$login:RDB$CLIENT_DEFAULTS.DAT
BLANCA>show logical RDB$SYSTEM_DEFAULTS
"RDB$SYSTEM_DEFAULTS" = "SYS$LOGIN:RDB$CLIENT_DEFAULTS.DAT" (LNM$SYSTEM_TABLE
)
BLANCA>rmu/show version
Executing RMU for DEC Rdb V6.1-1
LONGS>rmu/show version
Executing RMU for DEC Rdb V6.1-04
BLANCA>sql
** CLIENT: Loading image SYS$COMMON:[SYSLIB]RDB$SHARE.EXE
SQL> attach 'file longs::DISK$USR1:[LSMITH.rdb61]mf_personnel';
** CLIENT: Engine config filename = SYS$COMMON:[SYSLIB]rdb$engine_configuration.
dat
** CLIENT: The parsed database filename = LONGS::DISK$USR1:[LSMITH.RDB61]MF_PERS
ONNEL
** CLIENT: security: Calling cosi_implicit_authent_client.
** CLIENT: security: status from cosi_implicit_authenticate_client = 0X1
** CLIENT: security: implicit authenticate subcode... = 0X1
** CLIENT: security: implicit authenticate port number = 0X0
** CLIENT: Calling cosi_ipc_allocate_connection for service RdbServer
** CLIENT: Calling cosi_ipc_connect to node LONGS
LONGS>show system/network
OpenVMS V6.2 on node LONGS 17-FEB-1997 09:14:50.25 Uptime 69 08:35:57
Pid Process Name State Pri I/O CPU Page flts Pages
2E000092 EVL HIB 6 73 0 00:00:00.16 1615 32 N
2E0000A1 SERVER_0050 LEF 6 5081 0 00:00:06.80 5233 82 N
2E0002E2 UCX$PORTM LEF 10 222 0 00:00:00.31 1178 22 N
2E0027E8 UCX$FTPD LEF 10 540 0 00:00:00.38 278 197 N
2E001B69 UCX$FTPC_1 LEF 6 5592 0 00:00:19.26 358 214 N
2E00276A UCX$FTPC_2 LEF 6 5617 0 00:00:19.91 367 211 N
2E00066C WWW server 8000 HIB 6 130408 0 00:00:42.60 7156 93 N
2E00066F SERVER_0002 LEF 6 75354 0 00:01:08.91 22349 97 N
2E000670 SERVER_0001 LEF 6 435 0 00:00:01.00 447 88 N
LONGS>
Interrupt
BLANCA>exit
BLANCA>sql
** CLIENT: Loading image SYS$COMMON:[SYSLIB]RDB$SHARE.EXE
SQL> attach 'file longs::DISK$USR1:[LSMITH.RDB61]MF_PERSONNEL.RDB user ''lsmith'
' using ''my_password''';
** CLIENT: Engine config filename = SYS$COMMON:[SYSLIB]rdb$engine_configuration.
dat
** CLIENT: The parsed database filename = LONGS::DISK$USR1:[LSMITH.RDB61]MF_PERS
ONNEL.RDB
** CLIENT: Calling cosi_ipc_allocate_connection for service RdbServer
** CLIENT: Calling cosi_ipc_connect to node LONGS
LONGS>show system/network
OpenVMS V6.2 on node LONGS 17-FEB-1997 09:16:46.66 Uptime 69 08:37:53
Pid Process Name State Pri I/O CPU Page flts Pages
2E000092 EVL HIB 6 73 0 00:00:00.16 1615 32 N
2E0000A1 SERVER_0050 LEF 6 5081 0 00:00:06.80 5233 82 N
2E0002E2 UCX$PORTM LEF 10 222 0 00:00:00.31 1178 22 N
2E0027E8 UCX$FTPD LEF 10 540 0 00:00:00.38 278 197 N
2E001B69 UCX$FTPC_1 LEF 6 5592 0 00:00:19.26 358 214 N
2E00276A UCX$FTPC_2 LEF 6 5617 0 00:00:19.91 367 211 N
2E00066C WWW server 8000 HIB 6 130408 0 00:00:42.60 7156 93 N
2E00066F SERVER_0002 LEF 6 75354 0 00:01:08.91 22349 97 N
2E000670 SERVER_0001 LEF 6 435 0 00:00:01.00 447 88 N
Interrupt
BLANCA>exit
BLANCA>rsh longs dir *checksum*
Directory DISK$USR1:[LSMITH]
CHECKSUM_ERROR.TXT;2
Total of 1 file.
LONGS>rsh blanca dir *checksum*
Directory DISK$USR1:[LSMITH]
CHECKSUM_ERROR.TXT;2
Total of 1 file.
*** SUCCESSFUL IMPLICIT ACCESS ***
BLANCA>
UCX> show service rdbserver /full
Service: RDBSERVER
State: Enabled
Port: 1 Protocol: TCP Address: 0.0.0.0
Inactivity: 5 User_name: RDB$REMOTE Process: RDB
Limit: 10 Active: 0 Peak: 0
File: SYS$SYSTEM:RDBSERVER.COM
Flags: Listen
Socket Opts: Rcheck Scheck
Receive: 0 Send: 0
Log Opts: None
File: not defined
Security
Reject msg: not defined
Accept host: 0.0.0.0
Accept netw: 0.0.0.0
LONGS>ucx
UCX> show service rdbserver /full
Service: RDBSERVER
State: Enabled
Port: 1 Protocol: TCP Address: 0.0.0.0
Inactivity: 5 User_name: RDB$REMOTE Process: RDB
Limit: 10 Active: 0 Peak: 0
File: SYS$SYSTEM:RDBSERVER.COM
Flags: Listen
Socket Opts: Rcheck Scheck
Receive: 0 Send: 0
Log Opts: None
File: not defined
Security
Reject msg: not defined
Accept host: 0.0.0.0
Accept netw: 0.0.0.0
BLANCA>sql
** CLIENT: Loading image SYS$COMMON:[SYSLIB]RDB$SHARE.EXE
SQL> attach 'file longs::DISK$USR1:[LSMITH.RDB61]MF_PERSONNEL.RDB user ''lsmith'
' using ''my_password''';
** CLIENT: Engine config filename = SYS$COMMON:[SYSLIB]rdb$engine_configuration.
dat
** CLIENT: The parsed database filename = LONGS::DISK$USR1:[LSMITH.RDB61]MF_PERS
ONNEL.RDB
** CLIENT: Calling cosi_ipc_allocate_connection for service RdbServer
** CLIENT: Calling cosi_ipc_connect to node LONGS
** SERVER: Process PID = 2e0026a9
** SERVER: Loading image SYS$COMMON:[SYSLIB]RDB$SHARE.EXE
** SERVER: Engine config filename = SYS$COMMON:[SYSLIB]rdb$engine_configuration.
dat
** SERVER: The parsed database filename = DISK$USR1:[LSMITH.RDB61]MF_PERSONNEL.R
DB;1
** SERVER: Loading image RDMSHR
** SERVER: security: status from extract_from_buffer = 0X1
** SERVER: security: calling cosi_authenticate for explicit authent.
** SERVER: security: username = lsmith
** SERVER: security: password = my_password
** SERVER: security: status from cosi_authenticate = 0X1
SQL> show database
** CLIENT: trn::trn - TRN CREATED - trn_obj = 0X374540
** CLIENT:
** CLIENT: trn::start; trn_obj = 0X374540
** CLIENT: trn::start; user addr = 0X52c98
** CLIENT: trn::start; Contents of user_address = 0X0
** CLIENT: rdb_ddtm_trn_cls::tm_set_tid; Setting TID to all zeros since the TID
address is 0
** CLIENT: trn::check_mask - 2PC bit is set
** CLIENT: ddtm_trn_cls::tm_is_tid_zero; TID contains all zeros
** CLIENT: ddtm_trn_cls::tm_is_tid_zero; TID contains all zeros
** CLIENT: trn:check_mask: write count=0, tid=0. Turning off 2pc
** CLIENT: trn::start: 2pc involved = 0X0
** CLIENT: trn::start; Parent node BLANCA
** CLIENT: trn::start; db_obj = 0X370358
** SERVER: trn::trn - TRN CREATED - trn_obj = 0Xe58008
** SERVER:
** SERVER: trn::start; trn_obj = 0Xe58008
** SERVER: trn::start; user addr = 0X7ee37688
** SERVER: trn::start; Contents of user_address = 0X0
** SERVER: rdb_ddtm_trn_cls::tm_set_tid; Setting TID to all zeros since the TID
address is 0
** SERVER: trn::check_mask - From server (default 2pc)
** SERVER: check_mask::start - NO 2PC bit is set
** SERVER: ddtm_trn_cls::tm_is_tid_zero; TID contains all zeros
** SERVER: ddtm_trn_cls::tm_is_tid_zero; TID contains all zeros
** SERVER: trn:check_mask: write count=0, tid=0. Turning off 2pc
** SERVER: trn::start: 2pc involved = 0X0
** SERVER: trn::start; Parent node BLANCA
** SERVER: trn::start; db_obj = 0X33cfb8
** SERVER: trn::start - rci trn handle = 0Xe58114
** SERVER: trn::start - trn_db_count = 0X1
** SERVER:
** CLIENT: trn::start - rci trn handle = 0X37464c
** CLIENT: trn::start - trn_db_count = 0X1
** CLIENT:
Default alias:
Rdb database in file longs::DISK$USR1:[LSMITH.RDB61]MF_PERSONNEL.RDB
** CLIENT:
** CLIENT: trn::rollback; trn_obj = 0X374540
** CLIENT: trn::rollback; calling engine - db_obj = 0X370358
** SERVER:
** SERVER: trn::rollback; trn_obj = 0Xe58008
** SERVER: trn::rollback; calling engine - db_obj = 0X33cfb8
** SERVER: sbtrn::~sbtrn - destructing sbtrn 0X1a5810
** SERVER: trn::rollback; zero out in_transid->handle
** SERVER: trn::~rdb_trn_cls - TRN Deleted - trn_obj = 0Xe58008
** SERVER: trn::~rdb_trn_cls - TRN handle = 0Xe58114
** CLIENT: sbtrn::~sbtrn - destructing sbtrn 0X36afe8
** CLIENT: sbtrn::~sbtrn - freeing new remote handle 0X0
** CLIENT: trn::rollback; zero out in_transid->handle
** CLIENT: trn::~rdb_trn_cls - TRN Deleted - trn_obj = 0X374540
** CLIENT: trn::~rdb_trn_cls - TRN handle = 0X37464c
** CLIENT: trn::clear_user_address; trn_obj = 0X374540
** CLIENT: trn::clear_user_address; user_address = 0X7fe813bc
LONGS>show system/network
OpenVMS V6.2 on node LONGS 17-FEB-1997 09:31:02.82 Uptime 69 08:52:10
Pid Process Name State Pri I/O CPU Page flts Pages
2E000092 EVL HIB 6 73 0 00:00:00.16 1615 32 N
2E0000A1 SERVER_0050 LEF 6 5081 0 00:00:06.80 5233 82 N
2E000CB4 RDB_BG9250 LEF 4 324 0 00:00:00.67 576 693 N
2E0002E2 UCX$PORTM LEF 10 222 0 00:00:00.31 1178 22 N
2E0027E8 UCX$FTPD LEF 10 540 0 00:00:00.38 278 197 N
2E001B69 UCX$FTPC_1 LEF 6 5592 0 00:00:19.26 358 214 N
2E00276A UCX$FTPC_2 LEF 6 5617 0 00:00:19.91 367 211 N
2E00066C WWW server 8000 HIB 6 130408 0 00:00:42.61 7156 93 N
2E00066F SERVER_0002 LEF 6 75354 0 00:01:08.91 22349 97 N
2E000670 SERVER_0001 LEF 6 435 0 00:00:01.00 447 88 N
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 5034.1 | NOVA::DICKSON | Mon Feb 17 1997 12:31 | 6 | ||
"Proxy" access is a DECnet thing. The DECnet protocols pass some
account information along. TCP/IP does not do this.
Therefore you can't do VMS "proxy" access over a TCP/IP link.
You must use the USER/USING fields, or put the account name and
password in the RDB$CLIENT_DEFAULTS.DAT file.
| |||||
| 5034.2 | Proxy access needed for the rdbserver account | M5::LSMITH | Mon Feb 17 1997 14:45 | 14 | |
Thanks for the reply.
Further testing showed that if I set up a proxy in TCP/IP on both the
source node and the target node for the account associated with the
rdbserver object (in this case, rdb$remote), I could access the
database. Of course, I had to grant select+show access for the
rdb$remote account on the database and tables. This is a reasonable
solution for read only access. Actually, this seems to work similar to
DECnet.
Thanks again.
Lisa
| |||||
| 5034.3 | Digital states UCX does proxy access | M5::LSMITH | Mon Feb 17 1997 18:18 | 39 | |
I'm afraid I still need some help with this.
The customer wants to have individual authentication done. He needs
more then just read access, and he doesn't want to give rdb$remote
write access.
Actually, when I granted the rdb$remote account access to my db, and
defined proxy access for rdb$remote in tcp/ip, I did not set up true
proxy access.
The customer has called Digital and talked to them about proxy access
via UCX (tcp/ip). Digital stated to the customer, that UCX does allow
proxy access to be done, but it is the responsibility of the
application (Rdb) to check the proxy flag, and if it is set, then check
the UCX proxy database to see if the proxy is defined.
For example:
lsmith is defined in the UCX proxy database on the source and target nodes
the proxy flag is on for the UCX rdbserver services
rdb$share would check the proxy flag and see that it is on
rdb$share would then check the proxy database for authentication
the RDB_BGn service would be created under the username of lsmith
database access would be done via lsmith
The customer strongly believes that proxy access is possible via UCX,
and that Rdb is lacking in functionality and not taking advantage of
it.
I would like to give him an official product response.
Help is appreciated.
Thanks,
Lisa
| |||||
| 5034.4 | NOVA::SMITHI | Don't understate or underestimate Rdb! | Tue Feb 18 1997 09:36 | 5 | |
~ I would like to give him an official product response. Then please use an official channel. Ian | |||||
| 5034.5 | Is the TCP/IP protocols the limiting factor | M5::LSMITH | Wed Feb 19 1997 16:57 | 25 | |
RE: .1
Maybe I am just not understanding your reply. In .3, I was not
discounting your answer in .1 as "unofficial", but was hoping
to get a detailed answer to provide to the customer. If you
would please answer this reply, I would appreciate it.
In my testing, I have found the following:
1. I can have a UCX proxy entry for the account associated with the
rdbserver service, thus eliminating the need for user/using
2. The drawback to 1 is that the RDB_BGn process on the target node
is created with the username associated with the rdbserver service, and
all db access is done via that username.
Is it possible to modify Rdb so that UCX proxy access could be used,
AND the RDB_BGn process on the target/remote node would be created using
the source/local username that initiated the request, or is
>"The DECnet protocols pass some account information along. TCP/IP does
>not do this"
the limiting factor?
Thanks,
Lisa
| |||||
| 5034.6 | DUCATI::LASTOVICA | Is it possible to be totally partial? | Thu Feb 20 1997 16:41 | 20 | |
re: .1
At least with UCX, there does appear to be some ammount
of support for PROXY access. Consider the ADD PROXY command in UCX:
Format for Communication Proxies
{ /HOST=host }
ADD PROXY user { /REMOTE_USER=user } [ /PERMANENT ]
{ }
According to the UCX HELP ADD PROXY output:
o Communication proxy
- Provides an identity for users of RSH, RLOGIN, LPR/LPD,
and customer-written services, if these services are
marked with SET SERVICE /FLAGS=APPLICATION_PROXY.
Presumably, Rdb could take advantage of this. I imagine though
that it would require some ammount of coding.
| |||||
| 5034.7 | Thanks | M5::LSMITH | Thu Feb 20 1997 17:50 | 6 | |
re: .6
Thanks Norm. I appreciate it.
Lisa
| |||||