User's Guide

Authentication

As DB2 Connect administrator, in cooperation with your DRDA database administrator, you can determine where user names and passwords are validated. There are five possibilities:

Validation at the client
Validation at the DB2 Connect workstation
Validation at both the DB2 Connect workstation and the DRDA server
Validation at the DRDA server
Validation at a DCE security server.

You determine where validation occurs by setting the Authentication type parameter in the system database directory, and the Security type parameter in the node directory for APPC nodes. For more information about updating these directories, see Chapter 3. "Updating Database Directories".

Notes:

DB2 Connect itself performs no user validation. If you want to have the DB2 Connect workstation perform validation, the local security subsystem will be used to verify the userid and password provided with each CONNECT request. Therefore, when you set up a DB2 Connect Enterprise Edition gateway, if you will use AUTHENTICATION=SERVER, you must set up all the necessary userids and passwords on the gateway system.
If you use DCE Directory Services, authentication works differently. For more information, see "Security with DCE Directory Services".

The following authentication types are allowed with DB2 Connect Version 5:

CLIENT: The user name and password are validated at the client.
SERVER: The user name and password are validated at the DB2 Connect workstation. When no authentication is specified, SERVER is assumed.
DCS: The user name and password are validated at the DRDA server.
DCE: The user name and password are validated at the DCE security server.

Notes:

For any system database directory entry that DB2 Connect uses for establishing a connection, if the authentication parameter is not specified, then DB2 Connect will use authentication SERVER.
As with DB2 Universal Database client-server communications, the authentication type is not required at a remote client attached to a DB2 Connect Enterprise Edition gateway, but it may be specified there in order to help optimize performance, since then it does not need to be gotten from the gateway, thus reducing the elapsed time for transactions.
In the case of a discrepancy between the value at the client and value at the gateway, the value specified at the DB2 Connect gateway takes precedence.

[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]

[ DB2 List of Books | Search the DB2 Books ]