142 DB2 UDB V8.2 on the Windows Environment
– By using uppercase letters for the Authorization ID.
This modified Authorization ID is verified against the DB2 name rules.
4.5.2 The new DB2 authentication model in Version 8.2
The new authentication model of DB2 is based on external security plug-ins. A
security plug-in is a dynamically loadable library that will be loaded if required.
Now, DB2 provides plug-in interfaces for the identification, authentication, group
and authorization mapping tasks. There are three types of DB2 security plug-ins,
which provide the following functionality:
Group retrieval plug-in: retrieves the group membership information for the
Client authentication plug-in: manages authentication of a user on a DB2
Server authentication plug-in: manages authentication of a user on a DB2
The pre-Version 8.2 functionality of the OS-based authentication support and
Kerberos support are still available but re-implemented as security plug-ins.
As described in 4.1.2, “User ID and group name enhancements” on page 127,
the name space DB2 supports was enhanced: for example, Domain\username
(“DB2TEST\Joe F. Miller”).
Advantages of the security plug-in technology
The new security plug-in technology provides the following advantages:
Improved flexibility and extensibility: Customers can implement security
mechanisms customized for their own security policy.
Extended authentication mechanism technologies can be used or developed
and connected with the plug-in technology, such as by buying plug-ins from a
Multiple different authentication types can be used concurrently; that is, the
server can support multiple GSS-API plug-ins concurrently along with
encrypted userid/password if using GSS_SERVER_ENCRYPT.
Local authorization and connections can be configured to use different