IBM Books

Administration Guide

A Sample Scenario with Client Authentication and a Windows 95 Client Machine:

  1. Dale, the administrator, logs on to SRV3 and changes the authentication for the database instance to Client:
       db2stop myinst
       db2 update dbm cfg using authentication client
       db2start myinst

  2. Ivan, at a Windows 95 client machine, logs on to the DC1 domain (that is, he is known in the DC1 SAM database).

  3. Ivan then connects to a DB2 database that is cataloged to reside on SRV3:
       db2 connect to remotedb user Ivan using johnpw

  4. Ivan's Windows 95 machine cannot validate the username and password. The username and password are therefore assumed to be valid.

  5. SRV3 then:

    1. Determines where Ivan is known.

    2. Finds out whether Ivan is an administrator by asking DC1.

    3. Enumerates all Ivan's groups by asking DC1.
Note:Because a Windows 95 client cannot validate a given username and password, client authentication under Windows 95 is inherently insecure. If the Windows 95 machine has access to a Windows NT security provider, however, some measure of security can be imposed by configuring the Windows 95 system for validated pass-through logon. For details on how to configure your Windows 95 system in this way, refer to the Microsoft documentation for Windows 95.

DB2 also supports global groups. In order to use global groups, you must include global groups inside a local group that is on the security server. When DB2 enumerates all the groups that a person is a member of, it also lists the local groups the user is a member of indirectly (by the virtue of being in a global group that is itself a member of one or more local groups).

[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]

[ DB2 List of Books | Search the DB2 Books ]