Security plug-in libraries must have a platform-specific
file name extension. Security plug-in libraries written in C or C++
must have a platform-specific file name extension:
- Windows: .dll
- AIX®: .a or .so,
and if both extensions exist, .a extension is used.
- Linux, HP IPF and Solaris: .so
Note: Users can also develop security plug-ins with the DB2® Universal JDBC Driver.
For
example, assume you have a security plug-in library called
MyPlugin.
For each supported operating system, the appropriate library file
name follows:
- Windows 32-bit: MyPlugin.dll
- Windows 64-bit: MyPlugin64.dll
- AIX 32 or 64-bit: MyPlugin.a
or MyPlugin.so
- SUN 32 or 64-bit, Linux 32
or 64 bit, HP 32 or 64 bit on IPF: MyPlugin.so
Note: The suffix "64" is only required on the library name
for 64-bit Windows security
plug-ins.
When you update the database manager configuration with the name
of a security plug-in, use the full name of the library without the
"64" suffix and omit both the file extension and any qualified path
portion of the name. Regardless of the operating system, a security
plug-in library called
MyPlugin would be registered
as follows:
UPDATE DBM CFG USING CLNT_PW_PLUGIN MyPlugin
The security plug-in name is case sensitive, and must exactly match
the library name. DB2 database
systems use the value from the relevant database manager configuration
parameter to assemble the library path, and then uses the library
path to load the security plug-in library.
To avoid security plug-in name conflicts, you should name the plug-in
using the authentication method used, and an identifying symbol of
the firm that wrote the plug-in. For instance, if the company Foo,
Inc. wrote a plug-in implementing the authentication method FOOsomemethod,
the plug-in could have a name like FOOsomemethod.dll.
The maximum length of a plug-in name (not including the file extension
and the "64" suffix) is limited to 32 bytes. There is no maximum number
of plug-ins supported by the database server, but the maximum length
of the comma-separated list of plug-ins in the database manager configuration
is 255 bytes. Two defines located in the include file
sqlenv.h identifies
these two limits:
#define SQL_PLUGIN_NAME_SZ 32 /* plug-in name */
#define SQL_SRVCON_GSSPLUGIN_LIST_SZ 255 /* GSS API plug-in list */
The
security plug-in library files must have the following file permissions:
- Owned by the instance owner.
- Readable by all users on the system.
- Executable by all users on the system.