DB2 Authentication Overview

Source: Internet
Author: User

DB2 identity authentication is an important part of DB2 database permission management. The following describes the DB2 Identity Authentication in detail, hoping to help you learn about DB2 identity authentication.

DB2 Authentication type, which determines where to perform authentication.

For example, in the client-server environment, is the client or server used to check the user ID and password? In the client-gateway-host environment, is the client or host used to check the user ID and password? You can specify the verification type in dbm cfg:
DB2 GET DBM CFG
Server Connection Authentication (SRVCON_AUTH) = KERBEROS
Database manager authentication (AUTHENTICATION) = SERVER_ENCRYPT
SERVER_ENCRYPT will be used to connect to the instance. However, KERBEROS authentication is used to connect to the database.
In the client-gateway-host environment, these authentication options are set on the client and on the network, rather than on the host.

Type description
SERVER authentication is performed on the SERVER.
SERVER_ENCRYPT authentication is performed on the server. The password is encrypted on the client and then sent to the server.
CLIENT Authentication is performed on the CLIENT.
* KERBEROS is authenticated by Kerberos security software.
* If the client is set to KERBEROS, the Kerberos security software performs authentication. Otherwise, SERVER_ENCRYPT is used.
DATA_ENCRYPT authentication is performed on the server. The server accepts the encrypted user ID and password and encrypts the data. The operation method of this option is the same as that of SERVER_ENCRYPT, but data must also be encrypted.
The DATA_ENCRYPT_CMP authentication method is the same as DATA_ENCRYPT, but old-fashioned clients that do not support DATA_ENCRYPT can use SERVER_ENCRYPT authentication for connection. In this case, data is not encrypted. If the connected client supports DATA_ENCRYPT, data encryption is performed instead of downgrading to SERVER_ENCRYPT for authentication. This authentication type is valid only in the DATABASE management program configuration file of the server and is invalid when catalog database is used on the client or gateway instance.
The GSSPLUGIN authentication method is determined by an external GSS-API plug-in.
The GSS_SERVER_ENCRYPT authentication method is determined by an external GSS-API plug-in. Use SERVER_ENCRYPT authentication when the client does not support one of the server's GSS-API plug-ins.

DB2 rename a table and view table information

DB2 mount command performance factors

How to back up all tables in DB2

How to Implement DB2 row-to-column Conversion

DB2 offline backup test instance

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.