Chapter 4. Security 157
4.5.5 Deploying a userid/password plug-in
To deploy a user ID/password authentication plug-in, perform the following steps
on the database server and client.
Deploying on the database server
To deploy the server security plug-in:
1. Place the user ID/password authentication plug-in library in the server's
plug-in directory.
2. Update the database manager configuration parameter
SRVCONS_PW_PLUGIN with the name of the server plug-in.
This plug-in is used now by the server when it handles connection
(CONNECT) and attachment (ATTACH) requests.
3. Either:
– Set the database manager configuration parameter SRVCON_AUTH to
the CLIENT, SERVER, SERVER_ENCRYPT, DATA_ENCRYPT, or
DATA_ENCRYPT_CMP authentication type.
Or:
– Set the database manager configuration parameter SRVCON_AUTH to
NOT_SPECIFIED, and set AUTHENTICATION to CLIENT, SERVER,
SERVER_ENCRYPT, DATA_ENCRYPT, or DATA_ENCRYPT_CMP
authentication type.
Deploying the database client
To deploy the client security plug-in:
1. Place the user ID/password authentication plug-in library in the client plug-in
directory on the client.
2. Update the database manager configuration parameter CLNT_PW_PLUGIN
with the name of the client plug-in.
This plug-in is loaded and called regardless of where the authentication is
being done (that is, not only when client authentication is enabled).
Note: If SRVCON_PW_PLUGIN is left blank, it will default to the
IBM-provided plug-in IBMOSauthserver.
Note: If CLNT_PW_PLUGIN is left blank, it will default to the IBM-provided
plug-in IBMOSauthclient.
Get DB2 UDB V8.2 on the Windows Environment now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
