DB2 Authentication Overview

DB2 identity authentication is an important part of DB2 database permission management. The following describes the DB2 Identity Authentication in detail, hoping to help you learn about DB2 identity authentication.

DB2 Authentication type, which determines where to perform authentication.

For example, in the client-server environment, is the client or server used to check the user ID and password? In the client-gateway-host environment, is the client or host used to check the user ID and password? You can specify the verification type in dbm cfg:
DB2 GET DBM CFG
Server Connection Authentication (SRVCON_AUTH) = KERBEROS
Database manager authentication (AUTHENTICATION) = SERVER_ENCRYPT
SERVER_ENCRYPT will be used to connect to the instance. However, KERBEROS authentication is used to connect to the database.
In the client-gateway-host environment, these authentication options are set on the client and on the network, rather than on the host.

Type description
SERVER authentication is performed on the SERVER.
SERVER_ENCRYPT authentication is performed on the server. The password is encrypted on the client and then sent to the server.
CLIENT Authentication is performed on the CLIENT.
* KERBEROS is authenticated by Kerberos security software.
* If the client is set to KERBEROS, the Kerberos security software performs authentication. Otherwise, SERVER_ENCRYPT is used.
DATA_ENCRYPT authentication is performed on the server. The server accepts the encrypted user ID and password and encrypts the data. The operation method of this option is the same as that of SERVER_ENCRYPT, but data must also be encrypted.
The DATA_ENCRYPT_CMP authentication method is the same as DATA_ENCRYPT, but old-fashioned clients that do not support DATA_ENCRYPT can use SERVER_ENCRYPT authentication for connection. In this case, data is not encrypted. If the connected client supports DATA_ENCRYPT, data encryption is performed instead of downgrading to SERVER_ENCRYPT for authentication. This authentication type is valid only in the DATABASE management program configuration file of the server and is invalid when catalog database is used on the client or gateway instance.
The GSSPLUGIN authentication method is determined by an external GSS-API plug-in.
The GSS_SERVER_ENCRYPT authentication method is determined by an external GSS-API plug-in. Use SERVER_ENCRYPT authentication when the client does not support one of the server's GSS-API plug-ins.

DB2 rename a table and view table information

DB2 mount command performance factors

How to back up all tables in DB2

How to Implement DB2 row-to-column Conversion

DB2 offline backup test instance