Error Message: Pseudoaccount login rejected for <username>

"Pseudoaccount" errors are associated with the Multi-Tier OpSysLogin feature, which authenticates users at the operating system level. This feature provides enhanced security for databases with known security issues, such as older versions of Informix or Progress, which did not have any user authentication features of their own.

If you don't need this additional protection, we recommend simply disabling the OpSysLogin feature, as discussed below.

If you do need this additional protection, start with the Multi-Tier security Utility. If the problem persists, take the following steps --

1. Look at your Broker host's /etc/passwd file.
   
2. Locate the shell which is associated with the Broker-owning user. For example:
   
   

   
   openlink:x:101:101:OpenLink User,:/home/openlink:/usr/bin/sh
   

   
   
3. Now look at your Broker host's /etc/shells file.
   
4. Confirm that the full path to the shell executable associated with the Broker-owning user is found at the top of the file. For example:
   
   

   
   /usr/bin/sh
   /usr/bin/bash
   /usr/bin/csh
   

   
   
5. If not, then edit the file with a text editor and add this path to the top.
   
6. Save the file, and retest your connection.

If the issue still persists, contact us for assistance, but also try disabling the OpSysLogin to see if it brings temporary relief.

Disabling OpSysLogin

1. Use a text editor to open the active Rulebook file, e.g., oplrqb.ini.
   
2. Locate the [generic_xxxxx] section, which corresponds to the problematic database agent. For example:
   
   

   
   [generic_oingres1]
   Description = Default settings for OpenIngres 1.x agent
   Program = oig1_sv
   Environment = OPENINGRES1
   ReUse = never
   OpsysLogin = Yes
   

   
   
3. Set OpsysLogin=No.
   
4. Save your changes and exit the file.
   
5. Restart the Request Broker.
   
6. Retest your connection.

Evidence

• Broker Rulebook (e.g., oplrqb.ini)
  
• Request Broker Log (e.g., oplrqb.log)