469,306 Members | 1,850 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,306 developers. It's quick & easy.

Is dual-mode authentication possible under DB2?


I am a newbie to DB2 but have enough experience with other database
servers. Many database servers such as SQLServer offer a dual-mode
authentication mechanism, that is, either you can use standard Windows
authentication or specify a username that is not necessarily a Windows
account name. From reading various posts, it appears this is not
possible for DB2. Is this correct?

I did try to create a new database user. Control Center->All
databases->SAMPLE->Users and Groups object->Add user. User creation
worked. I also see that no Windows account was created with the
username I specified. This is confusing. Seems like my previous
assumption is not valid. If this is not a Windows account, where is the
password stored? I don't see any option to change password.

Thank you in advance for enlightening me.


Nov 12 '05 #1
4 1749
As much as I know (DB2 7.2), DB2 relies on Windows user management. We
have created unprivilidged local windows users (DB2 does not support
domains, if it is not running on PDC or BDC) to control access over
database objects. The rights are given via the DB2 groups for Sysadmin
for instance and via GRANT command.

Please note that the user account names are restricted to be compatible
over the different plattforms.

Please read the documentation for further information!


Nov 12 '05 #2
In fact DB2 authentication is based on EXTERNAL MECHANISM, which in
particular can be Windows users and passwords. But DB2 also support
Kerberos, os users on application server machine or any authentication
mechanism implemented as GSS-API.

Look for the AUTHENTICATION instance parameter.

-- Artur Wronski

Nov 12 '05 #3

the user mapping is used only for federation (accessing tables in
remote databases) for the remote machines.
Got nothing to do with your local database authentication.

Still, you can set authentication=client, so the password is checked on
the client. whatever PUBLIC can do then everybody can do - but this is
soooo risky and unsafe - you actually don't want that.

check on authentication methods allowed.


Nov 12 '05 #4

Thank you very much for your help.


Nov 12 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

9 posts views Thread by Tomer Ben-David | last post: by
3 posts views Thread by Yaroslav K. Kravchishin | last post: by
5 posts views Thread by John Dalberg | last post: by
25 posts views Thread by John Gibson | last post: by
1 post views Thread by CARIGAR | last post: by
reply views Thread by zhoujie | last post: by
1 post views Thread by Geralt96 | last post: by
reply views Thread by harlem98 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.