Configuring Data Studio for Kerberos client authentication

IBM Data Studio is a client side Eclipse based application which provides an integrated, modular environment for database development and administration of IBM Common SQL Engines, including Db2 Big SQL.

The steps for configuring IBM Data Studio to use Kerberos client authentication are the same as those described for Configuring JDBC clients for Kerberos client authentication. Briefly, that is to configure the client Kerberos configuration file (krb5.ini / krb5.conf), the JAAS configuration file, and optionally obtain a cached ticket-granting ticket (TGT).

Because Data Studio uses the IBM JRE, you need to edit the JAAS configuration file to change com.sun.security.auth.module.Krb5LoginModule to com.ibm.security.auth.module.Krb5LoginModule.

Once these generic JDBC configuration steps are complete, a new database connection can be created in Data Studio using Kerberos authentication (that is, with the property securityMechanism=11), as shown in the image below.

Optionally, Data Studio can use password-less authentication using a cached ticket-granting (TGT) ticket.

Data Studio connection dialog
Note: In some cases you may receive an error when connecting due to a timing drift between the client and Kerberos KDC. In this case, see the following topic to resolve the problem: Kerberos error code 37 when connecting to Db2 Big SQL.