By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,763 Members | 1,569 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,763 IT Pros & Developers. It's quick & easy.

Is dual-mode authentication possible under DB2?

P: n/a

I am a newbie to DB2 but have enough experience with other database
servers. Many database servers such as SQLServer offer a dual-mode
authentication mechanism, that is, either you can use standard Windows
authentication or specify a username that is not necessarily a Windows
account name. From reading various posts, it appears this is not
possible for DB2. Is this correct?

I did try to create a new database user. Control Center->All
databases->SAMPLE->Users and Groups object->Add user. User creation
worked. I also see that no Windows account was created with the
username I specified. This is confusing. Seems like my previous
assumption is not valid. If this is not a Windows account, where is the
password stored? I don't see any option to change password.

Thank you in advance for enlightening me.


Nov 12 '05 #1
Share this Question
Share on Google+
4 Replies

P: n/a
As much as I know (DB2 7.2), DB2 relies on Windows user management. We
have created unprivilidged local windows users (DB2 does not support
domains, if it is not running on PDC or BDC) to control access over
database objects. The rights are given via the DB2 groups for Sysadmin
for instance and via GRANT command.

Please note that the user account names are restricted to be compatible
over the different plattforms.

Please read the documentation for further information!


Nov 12 '05 #2

P: n/a
In fact DB2 authentication is based on EXTERNAL MECHANISM, which in
particular can be Windows users and passwords. But DB2 also support
Kerberos, os users on application server machine or any authentication
mechanism implemented as GSS-API.

Look for the AUTHENTICATION instance parameter.

-- Artur Wronski

Nov 12 '05 #3

P: n/a

the user mapping is used only for federation (accessing tables in
remote databases) for the remote machines.
Got nothing to do with your local database authentication.

Still, you can set authentication=client, so the password is checked on
the client. whatever PUBLIC can do then everybody can do - but this is
soooo risky and unsafe - you actually don't want that.

check on authentication methods allowed.


Nov 12 '05 #4

P: n/a

Thank you very much for your help.


Nov 12 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.