user authentication

Yes, there's a setting parm. in the instance config. file for the server
that defines
AUTHENTICATION CLIENT
This means that the client is responsible for providing an id at connect
time that the server will "blindly" accept.
From then on, anything that happens to your instance and/or server is
thoroughly deeserved.

You are asking the server to accept any connection that has been verfified a
t the client.
All I'd need is get the instance owner name on my windows xp laptop and
build an id there with it and ant pw.
I'd logon on my laptop with that id and then issue a connect request to your
server and be accepted as the instance owner there: and could I get
creative?????

HTH, Pierre.

--
Pierre Saint-Jacques
SES Consultants Inc.
514-737-4515
"db2admin" <ja****@gmail.com> a écrit dans le message de news:
11**********************@v46g2000cwv.googlegroups. com...

hi,

can user connect to db2 server without providing username and password
from client?

regards

i do not want to compromise security
is there a way to set specific usernames of groups and unix hostnames (
clients ) which can connect to db2 server ?

db2admin wrote:

i do not want to compromise security
is there a way to set specific usernames of groups and unix hostnames (
clients ) which can connect to db2 server ?

You can control who can connect by REVOKING CONNECT authority on your
database from PUBLIC, and then granting to the specific users or groups.

You can prevent these users from actually logging in to the server
using whatever method you prefer.

db2admin wrote:

i do not want to compromise security
is there a way to set specific usernames of groups and unix hostnames (
clients ) which can connect to db2 server ?

Yes ... you must set them up using the facilities of the OS
(etc/group/passwd). That's what DB2 uses.

Larry Edelstein

Yes, as Larry says in the next answer, you can use the OS to identify id's
and groups.
The users will have to provide the id and the password when they connect,
which goes against your initial request of your first post:

"can user connect to db2 server without providing username and password
from client?"

It seems you want to have your cake and eat it too.
You don't want to provide a username and a password BUT you don't want to
com^romise security.
By the way what security if there's no way to identify the user?

Maybe a little more explanation on what you are trying to achieve might help
us!!!!

HTH, Pierre.
--
Pierre Saint-Jacques
SES Consultants Inc.
514-737-4515
"db2admin" <ja****@gmail.com> a écrit dans le message de news:
11**********************@u72g2000cwu.googlegroups. com...

i do not want to compromise security
is there a way to set specific usernames of groups and unix hostnames (
clients ) which can connect to db2 server ?

The best solution is to use Kereros. The user logs on to his workstation via
whatever security technology you have in place (e.g. smartcard), and
Kerberos handles the issues of distributed security. DB2 will leverage the
O/S Kerberos when configured to do so. Since you didn't list your platforms,
I'll have to refer you to the DB2 and O/S documentation for the details on
implementing Kerberos. There are also some good white papers on the DB2 web
site that address these issues.

The list of users / groups that may connect is controlled by GRANT / REVOKE
statements. The DB2 documentation explains GRANTs.

"db2admin" <ja****@gmail.com> wrote in message
news:11**********************@v46g2000cwv.googlegr oups.com...

hi,

can user connect to db2 server without providing username and password
from client?

regards

In article <11**********************@v46g2000cwv.googlegroups .com>,
db2admin <ja****@gmail.com> wrote:

hi,

can user connect to db2 server without providing username and password
from client?

Yes, but to do so securely requires the use of the client and server
side security plugins.

In my workplace, we use the GSS security plugins to perform the DB2
security handshake based on Kerberos tickets that are established when
the user first logins in to the Unix/Windows system.

However, that only work if your OS environment already contains the
required Kerberos support - simple on Windows 2000/XP with Active
Directory, but not simple on Unix unless you're already a Kerberos shop.

If you don't have a good system programmer available to your DBA staff,
or you don't have the ability to make sure a shared library / DLL is
installed and mainrtained on all clients, then the security plugins are
a no-go.

Hildo

thanks to all

we use AIX / DB2 .
certain users hard code their password in scripts from clients
connecting to UDB servers
they do not want to do that because anybody can look their password
from those text scripts.
they need ability to connect to database without providing passwords
and usernames.
kerberos will be a major infrastructure change which can be difficult
to implement