DB2 10.5 for Linux, UNIX, and Windows

A scenario with client authentication and a Windows client machine

The following example demonstrates authentication of a user by a client computer.

  1. Dale, the administrator, logs on to SRV3 and changes the authentication for the database instance to Client:
       db2 update dbm cfg using authentication client
       db2stop
       db2start
  2. Ivan, at a Windows client machine, logs on to the DC1 domain (that is, he is known in the DC1 SAM database).
  3. Ivan then connects to a DB2® database that is cataloged to reside on SRV3:
       DB2 CONNECT to remotedb user Ivan using johnpw
  4. Ivan's machine validates the username and password. The API used to find this information first searches the local machine (Ivan) and then the domain controller (DC1) before trying any trusted domains. Username Ivan is found on DC1.
  5. Ivan's machine then validates the username and password with DC1.
  6. SRV3 then:
    1. Determines where Ivan is known.
    2. Finds out whether Ivan is an administrator by asking DC1.
    3. Enumerates all Ivan's groups by asking DC1.
Note: Before attempting to connect to the DB2 database, ensure that the DB2 Security Service has been started. The Security Service is installed as part of the Windows installation. DB2 is then installed and "registered" as a Windows service; however, it is not started automatically. To start the DB2 Security Service, enter the NET START DB2NTSECSERVER command.
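
A check an administrator could run after step 1 to confirm where user validation now takes place. This is an added example, not IBM's code. It parses the text printed by db2 get dbm cfg; the sample output is constructed and abridged, the function names are hypothetical, and TRUST_ALLCLNTS and TRUST_CLNTAUTH are the database manager parameters that only take effect when authentication is CLIENT.

```python
import re

# Constructed, abridged sample of `db2 get dbm cfg` output (not from a real instance).
SAMPLE_DBM_CFG = """\
          Database Manager Configuration

 Database manager authentication        (AUTHENTICATION) = CLIENT
 Trust all clients                      (TRUST_ALLCLNTS) = YES
 Trusted client authentication          (TRUST_CLNTAUTH) = CLIENT
 Default database path                       (DFTDBPATH) = C:
"""

# Matches the "(PARAMETER) = value" part of a configuration line.
_PARAM = re.compile(r"\(([A-Z0-9_]+)\)\s*=\s*(\S*)")


def parse_dbm_cfg(text):
    """Return {PARAMETER: VALUE} for every '(NAME) = value' line."""
    cfg = {}
    for line in text.splitlines():
        match = _PARAM.search(line)
        if match:
            cfg[match.group(1)] = match.group(2).upper()
    return cfg


def review_client_auth(cfg):
    """Describe where user IDs and passwords are validated for this instance."""
    auth = cfg.get("AUTHENTICATION")
    if auth is None:
        return ["AUTHENTICATION not found: output is incomplete"]
    if auth != "CLIENT":
        return ["AUTHENTICATION=%s: the instance is not set to Client" % auth]
    findings = ["AUTHENTICATION=CLIENT: the client machine validates the user"]
    # These two parameters decide which clients are trusted to do that validation.
    for name in ("TRUST_ALLCLNTS", "TRUST_CLNTAUTH"):
        value = cfg.get(name, "UNKNOWN")
        findings.append("%s=%s: confirm this matches the intended trust policy"
                        % (name, value))
    return findings


if __name__ == "__main__":
    for finding in review_client_auth(parse_dbm_cfg(SAMPLE_DBM_CFG)):
        print(finding)
```

On a live instance, pass the captured output of db2 get dbm cfg to parse_dbm_cfg in place of the sample string.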