473,324 Members | 2,356 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

Managing users under DB2

I'm new to DB2, I have over 10 years of experience on Oracle.

I actually have to books on order that might help. Till then I have
been searching and reading through IBM's DB2 Information Center, as
well as manuals on IBM's website.
I'm working with DB2 because the client uses it, so enough on that
subject.

I'm trying to figure out how to change the password for a user
created in the control center. I don't like operating system
authentication, and prefer all users to specify a username and password
when logging in from anywhere. As long a scott knows the password the
user can log onto the databse and Tom or Harry, regardless of who is
logged into the OS.

I was able to change the settings in the instance paramters so that
the database itself will authenticate the user when the user attempts
to signon with a user name and password.

I created a new user using the control center, with a schema.
Unfortunately I unable to find a way to set the password for a new
user.

Under oracle it is very simple to set the user password when
creating the user or set the password for a user using the command.
alter user <dbuser> identified by <dbpassword>

Any suggestions on how to accomplish this under DB2?
Thanks in advance
Gerald

Nov 12 '05 #1
10 7405
How did you change the instance parameters so that the db authenticates?
I was under the impression that only way to authenticate was via the OS.

Larry E.

Gerald wrote:
I'm new to DB2, I have over 10 years of experience on Oracle.

I actually have to books on order that might help. Till then I have
been searching and reading through IBM's DB2 Information Center, as
well as manuals on IBM's website.
I'm working with DB2 because the client uses it, so enough on that
subject.

I'm trying to figure out how to change the password for a user
created in the control center. I don't like operating system
authentication, and prefer all users to specify a username and password
when logging in from anywhere. As long a scott knows the password the
user can log onto the databse and Tom or Harry, regardless of who is
logged into the OS.

I was able to change the settings in the instance paramters so that
the database itself will authenticate the user when the user attempts
to signon with a user name and password.

I created a new user using the control center, with a schema.
Unfortunately I unable to find a way to set the password for a new
user.

Under oracle it is very simple to set the user password when
creating the user or set the password for a user using the command.
alter user <dbuser> identified by <dbpassword>

Any suggestions on how to accomplish this under DB2?
Thanks in advance
Gerald

Nov 12 '05 #2
Ian
Gerald wrote:
I'm new to DB2, I have over 10 years of experience on Oracle.

I actually have to books on order that might help. Till then I have
been searching and reading through IBM's DB2 Information Center, as
well as manuals on IBM's website.
I'm working with DB2 because the client uses it, so enough on that
subject.

I'm trying to figure out how to change the password for a user
created in the control center. I don't like operating system
authentication, and prefer all users to specify a username and password
when logging in from anywhere. As long a scott knows the password the
user can log onto the databse and Tom or Harry, regardless of who is
logged into the OS.


Users "defined" in control center only represent users who have been
granted privileges, but have nothing to do with authentication. DB2
always** does OS authentication, but nothing prevents a user from
connecting to DB2 with a different ID. From the command line:

scott@unixhost $ db2 connect to sample # use implicit auth.

Database Connection Information

Database server = DB2/AIX 8.2.2
SQL authorization ID = SCOTT
Local database alias = SAMPLE
scott@unixhost $ db2 connect to sample user harry # use explicit auth.
Enter current password for harry:

Database Connection Information

Database server = DB2/AIX 8.2.2
SQL authorization ID = HARRY
Local database alias = SAMPLE
scott@unixhost $



** DB2 UDB ESE V8.2 supports security plugins, which allow you to write
your own authentication routine. This would allow DB2 to authenticate a
user against anything you'd like, but you have to write C code for it.
:-)
Nov 12 '05 #3
Ian wrote:
Users "defined" in control center only represent users who have been
granted privileges, but have nothing to do with authentication. DB2
always** does OS authentication, but nothing prevents a user from
connecting to DB2 with a different ID. From the command line:


Now that we're on the subject, *how* does DB2 do OS authentication? For
example, I'm using DB2 on Linux, does it make direct use of the
/etc/passwd|shadow or is there some layer inbetween? I like to fiddle
with security on servers, if I would alter the authentication method on
the OS, let's say if I set another hashing algorithm, does DB2 suffer
from this? If mr. Linus Torvalds ever decides to alter the
authentication architecture in Linux, pull a stunt like introducing BSD
authentication (binary password file) what does DB2 think about this?
Does DB2 use PAM (pluggable authentication modules)?

-R-
Nov 12 '05 #4
In article <43***********************@news.xs4all.nl>, Jurgen Haan
(ju****@fake.dom) says...
Ian wrote:
Users "defined" in control center only represent users who have been
granted privileges, but have nothing to do with authentication. DB2
always** does OS authentication, but nothing prevents a user from
connecting to DB2 with a different ID. From the command line:


Now that we're on the subject, *how* does DB2 do OS authentication? For
example, I'm using DB2 on Linux, does it make direct use of the
/etc/passwd|shadow or is there some layer inbetween? I like to fiddle
with security on servers, if I would alter the authentication method on
the OS, let's say if I set another hashing algorithm, does DB2 suffer
from this? If mr. Linus Torvalds ever decides to alter the
authentication architecture in Linux, pull a stunt like introducing BSD
authentication (binary password file) what does DB2 think about this?
Does DB2 use PAM (pluggable authentication modules)?

-R-


Hi Jurgen,

From Db2 8.2 it's also possible to create your own security plugins.
The description of those plugins at http://tinyurl.com/b7w3d shows a
lot of information about how the security mechanism works.
Nov 12 '05 #5
Gert van der Kooij wrote:
Hi Jurgen,

From Db2 8.2 it's also possible to create your own security plugins.
The description of those plugins at http://tinyurl.com/b7w3d shows a
lot of information about how the security mechanism works.


Aha-a-a-a... Very nice :)
LOL.. Perhaps a nice mysql db for authentication on db2??? :P
Nah, just kidding. Thanks for the info, it's very useful.

-R-
Nov 12 '05 #6
In article <43***********************@news.xs4all.nl>, Jurgen Haan
(ju****@fake.dom) says...
Gert van der Kooij wrote:
Hi Jurgen,

From Db2 8.2 it's also possible to create your own security plugins.
The description of those plugins at http://tinyurl.com/b7w3d shows a
lot of information about how the security mechanism works.


Aha-a-a-a... Very nice :)
LOL.. Perhaps a nice mysql db for authentication on db2??? :P
Nah, just kidding. Thanks for the info, it's very useful.


And make it a sourceforge project so it's available for everyone :)
Nov 12 '05 #7
I made the following changes to the configuration based on the
instructions in the information center..

Set Authentication : CLIENT
Set TRUST_ALLCLNTS: No
Set TRUST_CLNTAUTH: Server
Thanks
Gerald

Nov 12 '05 #8
I did notice that, I only now get prompted for the passwords when I try
to login as a different user. I don't know what the password is for the
new user, since DB2 didn't provide any means to specify the password
when I created the user.

How can I specify the password when creating a new user or change the
password of an existing user. So far I have been creating users only
via the control center.

Thanks Again
Gerald

Nov 12 '05 #9
Gerald,

Again ... this is only possible from the os. I believe DB2 also supports
PAM now if you want to go that route.

Larry E.

Gerald wrote:
I did notice that, I only now get prompted for the passwords when I try
to login as a different user. I don't know what the password is for the
new user, since DB2 didn't provide any means to specify the password
when I created the user.

How can I specify the password when creating a new user or change the
password of an existing user. So far I have been creating users only
via the control center.

Thanks Again
Gerald

Nov 12 '05 #10
Unlike Oracle, users are not defined in DB2. Users are defined in the
operating system. There is no such thing as a DB2 user. There is no such
thing as DB2 userid authentication, all authentication is carried out using
the operating system. All you do in DB2 is assign rights to the operating
system users - you control what the operating system users may do. There is
no such thing as "a user created in the control center". You manage the
password - or whatever authentucation technology you wish - using the
operating system's facilities.

A schema and a userid are totally unrelated, with the exception that the
default value for the schema is the userid. Schemas do not have to be
userids, they are random names, and in real projects, they will be.

"Gerald" <db*****@gmail.com> wrote in message
news:11**********************@g43g2000cwa.googlegr oups.com...
I'm new to DB2, I have over 10 years of experience on Oracle.

I actually have to books on order that might help. Till then I have
been searching and reading through IBM's DB2 Information Center, as
well as manuals on IBM's website.
I'm working with DB2 because the client uses it, so enough on that
subject.

I'm trying to figure out how to change the password for a user
created in the control center. I don't like operating system
authentication, and prefer all users to specify a username and password
when logging in from anywhere. As long a scott knows the password the
user can log onto the databse and Tom or Harry, regardless of who is
logged into the OS.

I was able to change the settings in the instance paramters so that
the database itself will authenticate the user when the user attempts
to signon with a user name and password.

I created a new user using the control center, with a schema.
Unfortunately I unable to find a way to set the password for a new
user.

Under oracle it is very simple to set the user password when
creating the user or set the password for a user using the command.
alter user <dbuser> identified by <dbpassword>

Any suggestions on how to accomplish this under DB2?
Thanks in advance
Gerald

Nov 12 '05 #11

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

9
by: Bob Achgill | last post by:
I would like to use the timestamp on files to manage the currency of support files for my VB windows application. In this case I would only put the timestamp of the file in the management database...
0
by: Jordan Richard | last post by:
I'm designing a new .NET 2.0 Windows Forms application to support users who, amongst other things, need to print letters and envelopes. They currently do such printing by manually managing a...
3
by: Steven Munlo | last post by:
Hi, I'm searching for a document managing system for several users. I want to save Word-DOCs and Adobe-PDFs and do full text searches on them? Also, it should be an open source project. Does...
2
by: shumaker | last post by:
I am putting a key for my application to run at startup in SOFTWARE\Microsoft\Windows\CurrentVersion\Run My goal is to allow individual users to toggle this on and off, so I was placing the key...
1
by: Screenbert | last post by:
After finding nothing anywhere in google I am posting this so everyone can benefit by it. The formating is not pretty since I copied it from my word document, but you should benefit by it. ...
0
by: screenbert | last post by:
Managing DHCP Servers using C# They said it was impossible. It couldn't be done. But you can in fact manage DHCP servers using C#. This includes creating and deleting Scopes, SuperScopes,...
4
by: Venkatraman.S. | last post by:
Hi, Am sure many would have stumbled on this situation while developing an application in Python which is highly driven by configuration/ properties. I have an application (obviously written...
2
by: Kenneth Roy | last post by:
I have an application using a grid control. I have set up user settings for each column of the grid to enable the user to determine various properties of those columns. For example whether a...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.