Web­Sphere 7: solu­tion to “pass­word is not set” while there is a pass­word set

I googled a lot regard­ing the error mes­sage “pass­word is not set” when test­ing a data­source in Web­Sphere (7.0.0.21), but I did not find a solu­tion. A co-worker final­ly found a solu­tion (by accident?).

Prob­lem case

While hav­ing the appli­ca­tion JVMs run­ning, I cre­at­ed a new JAAS-J2C authen­ti­ca­tor (in my case the same login but a dif­fer­ent pass­word), and changed the data­source to use the new authen­ti­ca­tor. I saved the con­fig and syn­chro­nized it. The files config/cells/cell­name/nodes/node­name/resources.xml and config/cells/cell­name/security.xml showed that the changes arrived on the node. Test­ing the data­source con­nec­tiv­i­ty fails now with:

DSRA8201W: Data­Source Con­fig­u­ra­tion: DSRA8040I: Failed to con­nect to the Data­Source.  Encoun­tered java.sql.SQLException: The appli­ca­tion serv­er reject­ed the con­nec­tion. (Pass­word is not set.)DSRA0010E: SQL State = 08004, Error Code = ‑99,999.

Restart­ing the appli­ca­tion JVMs does not help.

Solu­tion

After stop­ping every­thing (appli­ca­tion JVMs, nodeagent and deploy­ment man­ag­er) and start­ing every­thing again, the con­nec­tion test of the data­source works direct­ly as expected.

I have not test­ed if it is enough to just stop all appli­ca­tion JVMs on one node and the cor­re­spding nodeagent, or if I real­ly have to stop the deploy­ment man­ag­er too.

(Free)BSD inside Android

Today I was look­ing into the Open­Source licens­es which are dis­played for Android (2.3.4). There are sev­er­al files which come with a BSD license.

Dur­ing look­ing at it, I noticed that the libm has the copy­right of sev­er­al FreeB­SD peo­ple. I did not had an in-deep look if this is because they took the FreeB­SD libm, or if this is because parts of the FreeB­SD libm where adopt­ed by oth­er BSD projects.

What I noticed is, that some spe­cial char­ac­ters are not dis­played cor­rect­ly. For exam­ple the name Dag-Erling Smør­grav looks man­gled in the dis­play of the license inside the phone (I hope it is dis­played bet­ter in my blog). His name is not the only prob­lem case, there are also oth­er char­ac­ters which are not ren­dered as expected.

This does not real­ly look professional.

One-Time-Passwords for Horde/IMP?

I search a way to use one-time-passwords for Horde/IMP on FreeB­SD. I do not want to use PAM (local users on the machine). Cur­rent­ly I use the authen­ti­ca­tion via IMAP4 (link between the IMAP4-server and post­fix via MySQL, to have the same PW for send­ing and receiv­ing), and I expect that not all users of Horde/IMP will use OTP if avail­able, so the prob­lem case is not that easy. I can imag­ine a solu­tion which tries to authen­ti­cate via OTP first, and if it suc­ceeds gets a pass­word for the login to the IMAP4 serv­er. If the OTP-auth fails, it could try the entered pass­word for the login to the IMAP4 serv­er. Migrat­ing exist­ing users to a new solu­tion can be done by telling them to enter the pass­word from the machine of the per­son doing the migra­tion. The solu­tion needs to auto­mat­i­cal­ly login to the IMAP4 serv­er, enter­ing a pass­word for the IMAP4 serv­er after the OTP-login to Horde is not an option.

Oh, yes, send­ing the pass­words over SSL is not an option (that is already the only way to login there). The goals are to have

  • an easy to remem­ber pass­word for an OTP app on the mobile to gen­er­ate the real password
  • the pass­word expire fast, so that a stolen pass­word does not cause much harm
  • not the same login-password for dif­fer­ent ser­vices (mail-pw != jabber-pw != user-pw)

One-Time-Passwords for XMPP/Jabber?

I search a way to use one-time-passwords for jabber/XMPP (ejab­berd) on FreeB­SD. I do not want to use PAM (local users on the machine). Cur­rent­ly I use the inter­nal authen­ti­ca­tion, and I expect that not all users of the jab­ber serv­er will use OTP if avail­able, so the prob­lem case is not that easy (migrat­ing exist­ing users to a new solu­tion can be done by chang­ing the pass­word myself and then telling them to change their pass­word, but there needs to be a way to let them change the non-OTP password).

I assume that OTP is not fore­seen in the XMPP pro­to­col, so where could I ask to have some­thing like that con­sid­ered as an exten­sion (if such a place exists at all)?

Oh, yes, send­ing the pass­words over SSL is not an option (that is already the only way to login there). The goals are to have

  • an easy to remem­ber pass­word for an OTP app on the mobile to gen­er­ate the real password
  • the pass­word expire fast, so that a stolen pass­word does not cause much harm
  • not the same login-password for dif­fer­ent ser­vices (mail-pw != jabber-pw != user-pw)