Connecting Tech Pros Worldwide Forums | Help | Site Map
bytes > topic > db2 > answers

Is dual-mode authentication possible under DB2?

Pradeep
Guest
  
Posts: n/a
#1: Nov 12 '05
DB2ers,

I am a newbie to DB2 but have enough experience with other database
servers. Many database servers such as SQLServer offer a dual-mode
authentication mechanism, that is, either you can use standard Windows
authentication or specify a username that is not necessarily a Windows
account name. From reading various posts, it appears this is not
possible for DB2. Is this correct?

I did try to create a new database user. Control Center->All
databases->SAMPLE->Users and Groups object->Add user. User creation
worked. I also see that no Windows account was created with the
username I specified. This is confusing. Seems like my previous
assumption is not valid. If this is not a Windows account, where is the
password stored? I don't see any option to change password.

Thank you in advance for enlightening me.

Pradeep

wolfram.wagner@web.de
Guest
  
Posts: n/a
#2: Nov 12 '05

re: Is dual-mode authentication possible under DB2?

Hi,
As much as I know (DB2 7.2), DB2 relies on Windows user management. We
have created unprivilidged local windows users (DB2 does not support
domains, if it is not running on PDC or BDC) to control access over
database objects. The rights are given via the DB2 groups for Sysadmin
for instance and via GRANT command.

Please note that the user account names are restricted to be compatible
over the different plattforms.

Please read the documentation for further information!

Wolfram
Artur
Guest
  
Posts: n/a
#3: Nov 12 '05

re: Is dual-mode authentication possible under DB2?

In fact DB2 authentication is based on EXTERNAL MECHANISM, which in
particular can be Windows users and passwords. But DB2 also support
Kerberos, os users on application server machine or any authentication
mechanism implemented as GSS-API.

Look for the AUTHENTICATION instance parameter.

-- Artur Wronski
juliane26
Guest
  
Posts: n/a
#4: Nov 12 '05

re: Is dual-mode authentication possible under DB2?

Pradeep,

the user mapping is used only for federation (accessing tables in
remote databases) for the remote machines.
Got nothing to do with your local database authentication.

Still, you can set authentication=client, so the password is checked on
the client. whatever PUBLIC can do then everybody can do - but this is
soooo risky and unsafe - you actually don't want that.

check on authentication methods allowed.
http://publib.boulder.ibm.com/infoce...n/c0005435.htm

Juliane
Pradeep
Guest
  
Posts: n/a
#5: Nov 12 '05

re: Is dual-mode authentication possible under DB2?

Guys,

Thank you very much for your help.

Pradeep
Closed Thread

« previous question | next question »

Similar DB2 Database bytes

/bytes/development

/bytes/it

Forums
Visit our community forums for general discussions and latest on Bytes

Our staff and community areas have moved to bytes.com/forums/

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,533 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved