DirectControl for DB2 5.4.0 Release Notes
© 2004-2017 Centrify Corporation.
This software is protected by international copyright laws.
All Rights Reserved.
Centrify Server Suite provides secure access control and centralized identity management by seamlessly integrating UNIX, Linux, and Macintosh OS X computers, and J2EE and web platforms with Microsoft Active Directory.
DirectControl for DB2 extends Centrify Server Suite authentication services to DB2 database instances. This solution allows you to use Microsoft Active Directory as the centralized authentication and access control data store in a heterogeneous environment containing Windows and UNIX computers, as well as DB2 relational database management systems.
The Authentication Guide for IBM DB2 (centrify-db2-guide.pdf) is available online to guide customers through the setup and configuration of DirectControl for DB2 in both new and existing environments.
The latest copies of these release notes and of the documentation mentioned above are available online at http://docs.centrify.com.
Centrify software is protected by U.S. Patent No. 7,591,005, 8,024,360, 8,321,523, 9,015,103 B2, 9,112,846, 9,197,670 and 9,378,391.
The DirectControl for DB2 bundle package contains the following resources:
· DirectControl for DB2 software package (e.g. rpm, or deb file)
· DirectControl for DB2 Release Notes (DirectControl-for-DB2-Release-Notes.html – these release notes)
The DirectControl for DB2 bundle package is available on the following OS/platforms in this release:
· IBM AIX on PPC
· Oracle Solaris on SPARC
· Red Hat Enterprise Linux on i386
· Red Hat Enterprise Linux on x86_64
· SUSE Linux Enterprise Server on i386
· SUSE Linux Enterprise Server on x86_64
This release supports IBM DB2 v10.1, v10.5 and v11.1.
For the OS versions that a particular DirectControl for DB2 bundle package supports, refer to the supported OS versions of the matching DirectControl agent package in the corresponding Centrify Server Suite release. DirectControl for DB2 also follows Centrify DirectControl’s schedule for End-of-Support platforms, so refer to the announcements there.
This release of DirectControl for DB2 works with Centrify Server Suite 2017. Note: Because of the underlying Kerberos library changes, it does not work with previous Centrify Server Suite releases, and previous versions of DirectControl for DB2 do not work with Centrify Server Suite 2017.
This release now supports IBM DB2 v11.1. (Ref: DB-149)
Starting with this release, IBM DB2 v9.5 and v9.7 are no longer supported.
This release is the last release that supports IBM DB2 v10.1.
This release is the last release that supports 32-bit for all Linux platforms.
This release of DirectControl for DB2 works with Centrify Server Suite 2015.1. Note: Because of the underlying CAPI library changes, it does not work with previous Centrify Server Suite releases, and previous versions of DirectControl for DB2 do not work with Centrify Server Suite 2015.1.
This release is the last release that supports IBM DB2 v9.5 and v9.7.
No bugs were fixed in this release.
The following sections describe the bugs fixed on the corresponding platforms.
· Warning message shown in the DB2 log when authenticating a local user:
If the DB2 username/password plug-in is installed with IBM DB2 v10 or above, a warning message (LEVEL: Event) "An attempt to invoke fork() within the engine is detected but is permitted to continue." is shown in the DB2 log when a local user is authenticated.
If the DB2 username/password plug-in is installed with IBM DB2 v10.5.0.4 (v10.5 FixPack 4) or above, local users cannot log in to DB2. An error message (LEVEL: Severe) "Cannot invoke fork() within the engine, this thread will be suspended now for further investigation." is written to the DB2 log.
This happens because the DB2 username/password plug-in calls fork() to invoke an external program in order to authenticate a local user. The DB2 username/password plug-in in this release uses a new way to authenticate local users, which fixes the problem. (Ref: 64711)
· The DB2 instance fails to start with GSSAPI plug-in error:
If the system already has Kerberos libraries installed, they may conflict with the DirectControl Kerberos libraries. In this case, the DB2 instance cannot start because the DB2 GSSAPI plug-in cannot load the correct Kerberos libraries. This problem is fixed on AIX platforms.
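The two fork() messages quoted above for the username/password plug-in can be used to triage an instance before and after upgrading. The script below is an added example, not part of Centrify's release notes or tooling: it scans a DB2 diagnostic log passed as an argument and reports whether local logins are blocked, only warned about, or unaffected. The function names, the sample log layout, timestamps and instance name are assumptions constructed for illustration.

```shell
#!/bin/sh
# Triage a DB2 diagnostic log for the two fork() messages quoted above.
WARN_MSG='An attempt to invoke fork() within the engine is detected but is permitted to continue.'
SEVERE_MSG='Cannot invoke fork() within the engine, this thread will be suspended now for further investigation.'

# Prints one verdict line: BLOCKED (local logins are failing), WARNING
# (authentication still works) or CLEAN. "first" is the timestamp of the
# first record carrying the most serious message found.
triage_fork_events() {
    awk -v warn="$WARN_MSG" -v severe="$SEVERE_MSG" '
        # Record headers start with a timestamp; keep the latest for context.
        /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]-/ { ts = $1 }
        # index() is a fixed-string match, so "fork()" is not read as a regex.
        index($0, severe) { s++; if (first_s == "") first_s = ts }
        index($0, warn)   { w++; if (first_w == "") first_w = ts }
        END {
            if (s)      printf "BLOCKED severe=%d warn=%d first=%s\n", s, w, first_s
            else if (w) printf "WARNING severe=0 warn=%d first=%s\n", w, first_w
            else        print "CLEAN severe=0 warn=0"
        }
    ' "$1"
}

# Constructed sample: timestamps, PIDs, instance name and field layout are
# illustrative assumptions; only the two message texts come from the notes.
write_sample_log() {
    cat > "$1" <<'EOF'
2017-03-01-09.15.02.123456+000 I1001E400          LEVEL: Event
PID     : 4242                 PROC : db2sysc
INSTANCE: db2inst1             NODE : 000
MESSAGE : An attempt to invoke fork() within the engine is detected but is permitted to continue.

2017-03-01-09.20.11.654321+000 I1402E410          LEVEL: Severe
PID     : 4242                 PROC : db2sysc
INSTANCE: db2inst1             NODE : 000
MESSAGE : Cannot invoke fork() within the engine, this thread will be suspended now for further investigation.
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
triage_fork_events "$sample"
rm -f "$sample"
```

Because the match is on the message text alone, the result does not depend on which field of the log record carries it.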
First read the centrify-db2-guide.pdf that is included in this package to get familiar with how to use this feature, and the installation, upgrade, configuration and verification procedures.
The following sections describe common known issues or limitations associated with this release.
· The DB2 username/password plug-in cannot authenticate any user when the machine is not joined to a zone or the DirectControl agent is not running.
The DB2 username/password plug-in uses a new way to authenticate local users, and this relies on the DirectControl agent. Therefore, if the machine is not joined or the DirectControl agent is not running, the DB2 username/password plug-in does not work. (Ref: 64711)
· Single sign-on only works with Active Directory users.
If you have an Active Directory user and a local user with the same username, and AIX is configured to use LAM, you may not be able to log in as the Active Directory user. If the user is not logged in as the Active Directory user, the DB2 GSSAPI plug-in for single sign-on does not work. The DB2 GSSAPI plug-in only works with Active Directory user accounts. To ensure that single sign-on always works, rename or remove the local user account.
· Install error when SELinux enabled – You may receive an error during installation of the Centrify DB2 package if you have SELinux enabled during installation. This may be avoided by one of the following two workarounds:
1. Temporarily disable SELinux. To disable SELinux, modify the /etc/selinux/config file as follows:
2. Change the file context on the appropriate library:
chcon -t textrel_shlib_t /home/release/335_ESE_LNXAMD26_64_NLV/db2/linux26/install/libimf.so
In addition to the documentation provided for this package, you can find the answers to common questions and information about any general or platform-specific known limitations as well as tips and suggestions from the Centrify Knowledge Base.
The Centrify Resources web site provides access to a wide range of information, including analyst reports, best practice briefs, case studies, datasheets, ebooks and white papers, that may help you optimize your use of Centrify products. For more information, see the Centrify Resources web site:
You can also contact Centrify Support directly with your questions through the Centrify Web site, by email, or by telephone. To contact Centrify Support or to get help with installing or using this version of Centrify Samba, send email to firstname.lastname@example.org or call 1-669-444-5200, option 2. For information about purchasing or evaluating Centrify products, send email to email@example.com.