When using DCE directory services in an environment without a DB2 Connect gateway, authentication is the same as that used for other DB2 Client Application Enablers accessing database servers. For more information, see "Authentication".
When using DCE directory services in an environment with a DB2 Connect gateway, the DB2 Connect administrator determines where user names and passwords are validated. With DCE directories, specify the following:
Table 57 shows the possible combinations of these values and where validation is performed for each combination using APPC connections. The combinations shown in this table are supported by DB2 Connect with DCE Directory Services.
Table 57. Valid Security Scenarios with DCE using APPC Connections
Case | Authentication (Database Object of the Server) | Security (Database Object of the Server) | Authenticate at Gateway (Routing Object) | Validation |
---|---|---|---|---|
1 | CLIENT | SAME | 0 | Remote client (or DB2 Connect workstation) |
2 | CLIENT | SAME | 1 | DB2 Connect workstation |
3 | SERVER | PROGRAM | 0 | DRDA server |
4 | SERVER | PROGRAM | 1 | DB2 Connect workstation and DRDA server |
5 | DCE | NONE | Not applicable | DCE |
Table 58 shows the possible combinations of these values and where validation is performed for each combination using TCP/IP connections. The combinations shown in this table are supported by DB2 Connect with DCE Directory Services.
Table 58. Valid Security Scenarios with DCE using TCP/IP Connections
Case | Authentication | Authenticate at Gateway | Validation |
---|---|---|---|
1 | CLIENT | 0 | Client |
2 | CLIENT | 1 | DB2 Connect workstation |
3 | SERVER | 0 | DRDA server |
4 | Not applicable | Not applicable | None |
5 | DCE | Not applicable | DCE |
Each combination is applicable to both APPC and TCP/IP and is described in more detail below:
The user is expected to be authenticated at the location he or she first signs on to. The user ID is sent across the network, but not the password. Use this type of security only if all client workstations have adequate security facilities.
Because validation is performed in two places, the same set of user names and passwords must be maintained at both the DB2 Connect workstation and the DRDA server.
Notes: