Raquel,
Authentication is done by the DB2 agent while processing the database
connection request. The DBM CFG AUTHENTICATION parameter determines how to
authenticate a user for all databases in that instance.
The authentication parameter on the CATALOG DB command tells the client what
authentication method is being used on the DB2 server. The client uses this
information to determine what to send to the DB2 server and how to send it
(for example, encrypted or not encrypted). The catalog entry should match
or be compatible with the instances DBM CFG AUTHENTICATION parameter. You
can not use the CATALOG DB command to override the servers authentication
method.
Database security is based on the users authority and/or privileges. To
connect to a database, the user needs CONNECT privilege, but no further
authentication is done.
Authentication works the same if you ATTACH to the instance.
"Raquel" <ra****************@yahoo.com> wrote in message
news:9a**************************@posting.google.c om...
I am confused between Authentication at Instance Vs Authentication at
Database. Instance authentication is specified at Instance creation
time (db2icrt) and is stored in db mgr. cfg. file while Database
authentication is specified during the Catalog Database command.
So far, so good. But when do each of the authentications come into
"picture"? For example, when a remote client attempts to access a
database, does it first authenticate at the instance level and then at
the database level?
What about local clients? How do they authenticate?
TIA
Raquel.
