470,815 Members | 1,272 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

home > topics > db2 database > questions > managing users under db2

Post your question to a community of 470,815 developers. It's quick & easy.

Managing users under DB2

I'm new to DB2, I have over 10 years of experience on Oracle.

I actually have to books on order that might help. Till then I have
been searching and reading through IBM's DB2 Information Center, as
well as manuals on IBM's website.
I'm working with DB2 because the client uses it, so enough on that
subject.

I'm trying to figure out how to change the password for a user
created in the control center. I don't like operating system
authentication, and prefer all users to specify a username and password
when logging in from anywhere. As long a scott knows the password the
user can log onto the databse and Tom or Harry, regardless of who is
logged into the OS.

I was able to change the settings in the instance paramters so that
the database itself will authenticate the user when the user attempts
to signon with a user name and password.

I created a new user using the control center, with a schema.
Unfortunately I unable to find a way to set the password for a new
user.

Under oracle it is very simple to set the user password when
creating the user or set the password for a user using the command.
alter user <dbuser> identified by <dbpassword>

Any suggestions on how to accomplish this under DB2?
Thanks in advance
Gerald

Nov 12 '05 #1
10 7197
How did you change the instance parameters so that the db authenticates?
I was under the impression that only way to authenticate was via the OS.

Larry E.

Gerald wrote:
I'm new to DB2, I have over 10 years of experience on Oracle.

I actually have to books on order that might help. Till then I have
been searching and reading through IBM's DB2 Information Center, as
well as manuals on IBM's website.
I'm working with DB2 because the client uses it, so enough on that
subject.

I'm trying to figure out how to change the password for a user
created in the control center. I don't like operating system
authentication, and prefer all users to specify a username and password
when logging in from anywhere. As long a scott knows the password the
user can log onto the databse and Tom or Harry, regardless of who is
logged into the OS.

I was able to change the settings in the instance paramters so that
the database itself will authenticate the user when the user attempts
to signon with a user name and password.

I created a new user using the control center, with a schema.
Unfortunately I unable to find a way to set the password for a new
user.

Under oracle it is very simple to set the user password when
creating the user or set the password for a user using the command.
alter user <dbuser> identified by <dbpassword>

Any suggestions on how to accomplish this under DB2?
Thanks in advance
Gerald

Nov 12 '05 #2
Ian
Gerald wrote:
I'm new to DB2, I have over 10 years of experience on Oracle.

I actually have to books on order that might help. Till then I have
been searching and reading through IBM's DB2 Information Center, as
well as manuals on IBM's website.
I'm working with DB2 because the client uses it, so enough on that
subject.

I'm trying to figure out how to change the password for a user
created in the control center. I don't like operating system
authentication, and prefer all users to specify a username and password
when logging in from anywhere. As long a scott knows the password the
user can log onto the databse and Tom or Harry, regardless of who is
logged into the OS.


Users "defined" in control center only represent users who have been
granted privileges, but have nothing to do with authentication. DB2
always** does OS authentication, but nothing prevents a user from
connecting to DB2 with a different ID. From the command line:

scott@unixhost $ db2 connect to sample # use implicit auth.

Database Connection Information

Database server = DB2/AIX 8.2.2
SQL authorization ID = SCOTT
Local database alias = SAMPLE
scott@unixhost $ db2 connect to sample user harry # use explicit auth.
Enter current password for harry:

Database Connection Information

Database server = DB2/AIX 8.2.2
SQL authorization ID = HARRY
Local database alias = SAMPLE
scott@unixhost $



** DB2 UDB ESE V8.2 supports security plugins, which allow you to write
your own authentication routine. This would allow DB2 to authenticate a
user against anything you'd like, but you have to write C code for it.
:-)
Nov 12 '05 #3
Ian wrote:
Users "defined" in control center only represent users who have been
granted privileges, but have nothing to do with authentication. DB2
always** does OS authentication, but nothing prevents a user from
connecting to DB2 with a different ID. From the command line:


Now that we're on the subject, *how* does DB2 do OS authentication? For
example, I'm using DB2 on Linux, does it make direct use of the
/etc/passwd|shadow or is there some layer inbetween? I like to fiddle
with security on servers, if I would alter the authentication method on
the OS, let's say if I set another hashing algorithm, does DB2 suffer
from this? If mr. Linus Torvalds ever decides to alter the
authentication architecture in Linux, pull a stunt like introducing BSD
authentication (binary password file) what does DB2 think about this?
Does DB2 use PAM (pluggable authentication modules)?

-R-
Nov 12 '05 #4
In article <43***********************@news.xs4all.nl>, Jurgen Haan
(ju****@fake.dom) says...
Ian wrote:
Users "defined" in control center only represent users who have been
granted privileges, but have nothing to do with authentication. DB2
always** does OS authentication, but nothing prevents a user from
connecting to DB2 with a different ID. From the command line:


Now that we're on the subject, *how* does DB2 do OS authentication? For
example, I'm using DB2 on Linux, does it make direct use of the
/etc/passwd|shadow or is there some layer inbetween? I like to fiddle
with security on servers, if I would alter the authentication method on
the OS, let's say if I set another hashing algorithm, does DB2 suffer
from this? If mr. Linus Torvalds ever decides to alter the
authentication architecture in Linux, pull a stunt like introducing BSD
authentication (binary password file) what does DB2 think about this?
Does DB2 use PAM (pluggable authentication modules)?

-R-


Hi Jurgen,

From Db2 8.2 it's also possible to create your own security plugins.
The description of those plugins at http://tinyurl.com/b7w3d shows a
lot of information about how the security mechanism works.
Nov 12 '05 #5
Gert van der Kooij wrote:
Hi Jurgen,

From Db2 8.2 it's also possible to create your own security plugins.
The description of those plugins at http://tinyurl.com/b7w3d shows a
lot of information about how the security mechanism works.


Aha-a-a-a... Very nice :)
LOL.. Perhaps a nice mysql db for authentication on db2??? :P
Nah, just kidding. Thanks for the info, it's very useful.

-R-
Nov 12 '05 #6
In article <43***********************@news.xs4all.nl>, Jurgen Haan
(ju****@fake.dom) says...
Gert van der Kooij wrote:
Hi Jurgen,

From Db2 8.2 it's also possible to create your own security plugins.
The description of those plugins at http://tinyurl.com/b7w3d shows a
lot of information about how the security mechanism works.


Aha-a-a-a... Very nice :)
LOL.. Perhaps a nice mysql db for authentication on db2??? :P
Nah, just kidding. Thanks for the info, it's very useful.


And make it a sourceforge project so it's available for everyone :)
Nov 12 '05 #7
I made the following changes to the configuration based on the
instructions in the information center..

Set Authentication : CLIENT
Set TRUST_ALLCLNTS: No
Set TRUST_CLNTAUTH: Server
Thanks
Gerald

Nov 12 '05 #8
I did notice that, I only now get prompted for the passwords when I try
to login as a different user. I don't know what the password is for the
new user, since DB2 didn't provide any means to specify the password
when I created the user.

How can I specify the password when creating a new user or change the
password of an existing user. So far I have been creating users only
via the control center.

Thanks Again
Gerald

Nov 12 '05 #9
Gerald,

Again ... this is only possible from the os. I believe DB2 also supports
PAM now if you want to go that route.

Larry E.

Gerald wrote:
I did notice that, I only now get prompted for the passwords when I try
to login as a different user. I don't know what the password is for the
new user, since DB2 didn't provide any means to specify the password
when I created the user.

How can I specify the password when creating a new user or change the
password of an existing user. So far I have been creating users only
via the control center.

Thanks Again
Gerald

Nov 12 '05 #10
Unlike Oracle, users are not defined in DB2. Users are defined in the
operating system. There is no such thing as a DB2 user. There is no such
thing as DB2 userid authentication, all authentication is carried out using
the operating system. All you do in DB2 is assign rights to the operating
system users - you control what the operating system users may do. There is
no such thing as "a user created in the control center". You manage the
password - or whatever authentucation technology you wish - using the
operating system's facilities.

A schema and a userid are totally unrelated, with the exception that the
default value for the schema is the userid. Schemas do not have to be
userids, they are random names, and in real projects, they will be.

"Gerald" <db*****@gmail.com> wrote in message
news:11**********************@g43g2000cwa.googlegr oups.com...
I'm new to DB2, I have over 10 years of experience on Oracle.

I actually have to books on order that might help. Till then I have
been searching and reading through IBM's DB2 Information Center, as
well as manuals on IBM's website.
I'm working with DB2 because the client uses it, so enough on that
subject.

I'm trying to figure out how to change the password for a user
created in the control center. I don't like operating system
authentication, and prefer all users to specify a username and password
when logging in from anywhere. As long a scott knows the password the
user can log onto the databse and Tom or Harry, regardless of who is
logged into the OS.

I was able to change the settings in the instance paramters so that
the database itself will authenticate the user when the user attempts
to signon with a user name and password.

I created a new user using the control center, with a schema.
Unfortunately I unable to find a way to set the password for a new
user.

Under oracle it is very simple to set the user password when
creating the user or set the password for a user using the command.
alter user <dbuser> identified by <dbpassword>

Any suggestions on how to accomplish this under DB2?
Thanks in advance
Gerald

Nov 12 '05 #11

This discussion thread is closed

Start new discussion

Replies have been disabled for this discussion.

Similar topics
Managing files by Create time/date
9 posts views Thread by Bob Achgill | last post: by
PHP
Searching for a document managing system (open source)
3 posts views Thread by Steven Munlo | last post: by
Managing Startup Keys
2 posts views Thread by shumaker | last post: by
Managing DHCP Servers using C#
1 post views Thread by Screenbert | last post: by
managing properties/configurations
4 posts views Thread by Venkatraman.S. | last post: by
Managing Users Settings in VB.Net
2 posts views Thread by Kenneth Roy | last post: by
BYTES.COM © 2022
About Us
Advertise
Terms Of Use
Privacy Policy
Manage Cookies
Contact Us
Sitemap

Follow us! Get the Latest Bytes Updates
By using this site, you agree to our Privacy Policy and Terms of Use.