When you use the IBM® Data Server Driver for JDBC and SQLJ, you choose a security mechanism by specifying a value for the securityMechanism property.
You can determine the security mechanism that is in effect for a connection by calling the DB2Connection.getDB2SecurityMechanism method.
The following table lists the security mechanisms that the IBM Data Server Driver for JDBC and SQLJ supports, and the data sources that support those security mechanisms.
Security mechanism | Supported by DB2® for Linux, UNIX, and Windows | Supported by DB2 for z/OS® | Supported by IBM Informix® | Supported by DB2 for i |
---|---|---|---|---|
User ID and password | Yes | Yes | Yes | Yes |
User ID only | Yes | Yes | Yes | Yes |
User ID and encrypted password1 | Yes | Yes | Yes | Yes3 |
Encrypted user ID1 | Yes | Yes | No | No |
Encrypted user ID and encrypted password1 | Yes | Yes | Yes | Yes3 |
Encrypted user ID and encrypted security-sensitive data1 | No | Yes | No | No |
Encrypted user ID, encrypted password, and encrypted security-sensitive data1 | Yes | Yes | No | No |
Kerberos2 | Yes | Yes | No | Yes |
Plugin2 | Yes | No | No | No |
Certificate authentication2 | No | Yes | No | No |
Note:
|
The following table lists the security mechanisms that the IBM Data Server Driver for JDBC and SQLJ supports, and the value that you need to specify for the securityMechanism property to specify each security mechanism.
The default security mechanism is CLEAR_TEXT_PASSWORD_SECURITY. If the server does not support CLEAR_TEXT_PASSWORD_SECURITY, an error occurs. In addition, any other mismatch in security mechanism support between the requester and the server results in an error.
Security mechanism | securityMechanism property value |
---|---|
User ID and password | DB2BaseDataSource.CLEAR_TEXT_PASSWORD_SECURITY |
User ID only | DB2BaseDataSource.USER_ONLY_SECURITY |
User ID and encrypted password1 | DB2BaseDataSource.ENCRYPTED_PASSWORD_SECURITY |
Encrypted user ID1 | DB2BaseDataSource.ENCRYPTED_USER_ONLY_SECURITY |
Encrypted user ID and encrypted password1 | DB2BaseDataSource.ENCRYPTED_USER_AND_PASSWORD_SECURITY |
Encrypted user ID and encrypted security-sensitive data1 | DB2BaseDataSource.ENCRYPTED_USER_AND_DATA_SECURITY |
Encrypted user ID, encrypted password, and encrypted security-sensitive data1 | DB2BaseDataSource.ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY |
Kerberos | DB2BaseDataSource.KERBEROS_SECURITY |
Plugin | DB2BaseDataSource.PLUGIN_SECURITY |
Certificate authentication | DB2BaseDataSource.TLS_CLIENT_CERTIFICATE_SECURITY |
Note:
|
DB2 for Linux, UNIX, and Windows server authentication type | securityMechanism setting |
---|---|
CLIENT | USER_ONLY_SECURITY |
SERVER | CLEAR_TEXT_PASSWORD_SECURITY |
SERVER_ENCRYPT | CLEAR_TEXT_PASSWORD_SECURITY, ENCRYPTED_PASSWORD_SECURITY, or ENCRYPTED_USER_AND_PASSWORD_SECURITY |
DATA_ENCRYPT | ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY |
KERBEROS | KERBEROS_SECURITY or PLUGIN_SECURITY2 |
KRB_SERVER_ENCRYPT | KERBEROS_SECURITY , PLUGIN_SECURITY1, ENCRYPTED_PASSWORD_SECURITY, or ENCRYPTED_USER_AND_PASSWORD_SECURITY |
GSSPLUGIN | PLUGIN_SECURITY1 or KERBEROS_SECURITY |
GSS_SERVER_ENCRYPT3 | CLEAR_TEXT_PASSWORD_SECURITY, ENCRYPTED_PASSWORD_SECURITY, ENCRYPTED_USER_AND_PASSWORD_SECURITY, PLUGIN_SECURITY, or KERBEROS_SECURITY |
Notes:
|