Configuring the enhanced host based authentication (HBA2) mechanism mappings
Enhanced host based authentication (HBA2) network identities are mapped to native user identities in the same manner as host based authentication (HBA) identities.
This is described in Configuring the host based authentication (HBA) mechanism mappings.
Native identity mapping for HBA2 network identities follows the same formats and rules as those described earlier for HBA network identities. HBA2 network identities also support the same negative mappings, wildcard substitution rules, and reserved words.
To indicate that an entry in the ctsec_map.global or ctsec_map.local file refers to the enhanced host based authentication mechanism, you must begin the entry with the hba2: mnemonic.
hba2:jbrady@epsilon3.ibm.com=jbrady
hba2:!jbrady@epsilon3.ibm.com
The HBA2 MPM also supports the use of IP addresses in authentication, as illustrated in the following examples.
hba2:jbrady@9.117.10.14=jbrady
hba2:!jbrady@9.117.10.14
As with the HBA mechanism, the HBA2 mechanism can authenticate using host names from some cluster nodes and IP addresses from other cluster nodes. In these cases, it is best to create multiple mapping entries for the same host: one that uses the host name of the remote cluster node and one for each IP address supported by the remote cluster node.
hba2:jbrady@epsilon2.ibm.com=jbrady
hba2:jbrady@9.117.10.14=jbrady
hba2:jbrady@9.118.102.49=jbrady
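A check for the multiple-entry advice above, added here as an example and not part of the original documentation: it parses the literal hba2 entry forms shown on this page and lists the entries still missing for a node's other host name or IP addresses. The nodes inventory and the function names are hypothetical, the sample lines are constructed from the page's values, and applying the same rule to negative entries is an assumption.

```python
import re

# Literal forms shown on the page only: hba2:user@host=local and hba2:!user@host.
ENTRY = re.compile(r"^hba2:(!?)([\w.-]+)@([\w.-]+)(?:=([\w.-]+))?$")


def parse_hba2(line):
    """Return (negative, user, host, local) for a literal hba2 entry, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # other mechanisms, wildcards, reserved words: not evaluated
    neg, user, host, local = m.groups()
    if bool(neg) == bool(local):
        return None  # a positive entry needs a target; a negative one has none
    return (bool(neg), user, host.lower(), local or "")


def missing_entries(lines, nodes):
    """List entries needed so each mapping covers every name/address of its node.

    nodes is a hypothetical inventory: {host_name: [ip_address, ...]}.
    """
    have = {e for e in map(parse_hba2, lines) if e}
    missing = set()
    for neg, user, host, local in have:
        for name, ips in nodes.items():
            addrs = {name.lower(), *ips}
            if host not in addrs:
                continue
            for other in addrs - {host}:
                if (neg, user, other, local) in have:
                    continue
                identity = f"{user}@{other}"
                missing.add("hba2:" + (f"!{identity}" if neg else f"{identity}={local}"))
    return sorted(missing)


if __name__ == "__main__":
    # Constructed sample: the page's final example with one IP entry left out.
    sample_map = [
        "hba2:jbrady@epsilon2.ibm.com=jbrady",
        "hba2:jbrady@9.117.10.14=jbrady",
    ]
    inventory = {"epsilon2.ibm.com": ["9.117.10.14", "9.118.102.49"]}
    for entry in missing_entries(sample_map, inventory):
        print("missing:", entry)
```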