SECTION – 20

ADMINISTERING
DB2 SECURITY
Lecture 7 Authentication types in DB2
 Contents

 Authentication overview
 Types of Authentication in DB2
 Authentication
SERVER AUTHENTICATION
DB2 authentication controls the following
aspects of a database security plan:

 Who is allowed access to the instance

and/or database

 Where and how a user's password will be

verified (Server or Client)

CLIENT AUTHENTICATION
 Authentication Types
Authentication Type Description
SERVER Authentication takes place on the server.
SERVER_ENCRYPT Authentication takes place on the server. Passwords
are encrypted at the client machine before being
sent to the server.
CLIENT Authentication takes place on the client machine
KERBEROS Authentication is performed by the Kerberos security
software.
KRB_SERVER_ENCRYPT Authentication is performed by Kerberos security
software. Otherwise, SERVER_ENCRYPT is used.
DATA_ENCRYPT Authentication takes place on the server. The server
accepts encrypted user IDs and passwords, and will
encrypt the data. This operates the same way as
SERVER_ENCRYPT, except the data is encrypted
as well.
 Authentication Types
Authentication Type Description
DATA_ENCRYPT_CMP Authentication is the same as for DATA_ENCRYPT,
except that this scheme allows older clients that
don't support the DATA_ENCRYPT scheme to
connect using SERVER_ENCRYPT authentication.
The data in this case will not be encrypted. If the
client connecting supports DATA_ENCRYPT, it is
forced to encrypt the data, and cannot downgrade to
SERVER_ENCRYPT authentication.
GSSPLUGIN Authentication is controlled by an external GSS-API
plugin.
GSS_SERVER_ENCRYPT Authentication is controlled by an external GSS-API
plugin. In the case where the client doesn't support
one of the server's GSS-API plugins,
SERVER_ENCRYPT authentication is used.
 Summary

 Authentication overview
 9 types of Authentication in DB2
 Set authentication both at server and client
Thank You !