Verify the set up
Execute the following command as the DB2 instance user to verify the setup:
db2 get dbm config |egrep -i "auth|gss|group|srvcon"
A sample output of this command for a scenario where all three Authentication Service for IBM DB2 security plug-ins have been configured is as follows. The lines of interest are highlighted in bold.
SYSADM group name (SYSADM_GROUP) = DB2GRP1 SYSCTRL group name (SYSCTRL_GROUP) = SYSMAINT group name (SYSMAINT_GROUP) = SYSMON group name (SYSMON_GROUP) = Group Plugin (GROUP_PLUGIN) = centrifydc_db2group GSS Plugin for Local Authorization (LOCAL_GSSPLUGIN) = centrifydc_db2gsskrb5 Server List of GSS Plugins (SRVCON_GSSPLUGIN_LIST) = centrifydc_db2gsskrb5 Server Userid-Password Plugin (SRVCON_PW_PLUGIN) = centrifydc_db2userpass Server Connection Authentication (SRVCON_AUTH) = GSS_SERVER_ENCRYPT Database manager authentication (AUTHENTICATION) = SERVER Cataloging allowed without authority (CATALOG_NOAUTH) = NO Trusted client authentication (TRUST_CLNTAUTH) = CLIENT Bypass federated authentication (FED_NOAUTH) = NO
After installing the plug-ins, the database instance needs to be stopped and restarted. Enter the db2stop
and db2start
commands as the instance user.