Configuring ODBC clients for Kerberos client authentication
Follow these steps to configure an ODBC connection to the Db2 Big SQL server using client Kerberos authentication from a Windows operating system.
Before you begin
Confirm that the following prerequisites are met:
- The Db2 Big SQL cluster is installed and is enabled for client Kerberos authentication.
- The IBM Data Server Runtime Client for Windows is installed on the Windows client machine. To download the package, visit IBM Data Server Client Packages.
- Install and configure the MIT Kerberos client:
  - To download the Kerberos installer for 64-bit computers, use the following link from the MIT Kerberos website: http://web.mit.edu/kerberos/dist/kfw/4.0/kfw-4.0.1-amd64.msi. This installer includes both 32-bit and 64-bit libraries.
  - To download the Kerberos installer for 32-bit computers, use the following link from the MIT Kerberos website: http://web.mit.edu/kerberos/dist/kfw/4.0/kfw-4.0.1-i386.msi.
1. Open the ODBC driver manager. Under the User DSN tab, click Add to create a new user data source.
2. Select IBM DB2 ODBC DRIVER and click Finish.
3. In the ODBC IBM DB2 Driver - Add dialog, enter the new data source name and click Add.
4. Enter a description for the data source.
5. Under the TCP/IP tab, enter the database name, database alias and host
6. Under the Security options tab, check the Specify the security options (Optional) box, select the Kerberos authentication (KERBEROS) radio button, provide the Target principal name, and
7. Double-click the selected DSN.
8. Test the connection. Enter the user principal identity in the User ID field, enter the password for the user principal in the Password field, and then click Connect.
Note: Windows operating systems directly associate a Kerberos principal identity with a domain user. An implication is that Kerberos authentication is unavailable to Windows operating systems that are not associated with a domain or realm. Furthermore, Windows operating systems support only the two-part format for defining principal identities, that is, name@domain.

Note: In some cases you may receive an error when connecting due to a timing drift between the client and Kerberos KDC. In this case, see the following topic to resolve the problem: Kerberos error code 37 when connecting to Db2 Big SQL.
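
A pre-flight check for the conditions in the two notes above, as an added PowerShell example that is not part of the IBM documentation: it checks the two-part principal format, Active Directory domain membership, and the clock offset against the KDC. The sample principal, host name and w32tm output are constructed, and it assumes the KDC host answers NTP queries and that the skew tolerance is 300 seconds (a common Kerberos default).

```powershell
# Added example: pre-flight checks for the two Notes above (not IBM code).
param(
    [string]$Principal      = 'bigsql_user@EXAMPLE.COM',  # constructed sample
    [string]$KdcHost        = '',    # empty: parse the constructed sample below
    [int]   $MaxSkewSeconds = 300    # assumed tolerance; confirm on your KDC
)

function Test-TwoPartPrincipal([string]$Name) {
    # name@domain only: one '@', no '/' instance component, no whitespace
    return $Name -match '^[^@/\s]+@[^@/\s]+$'
}

function Get-ClockOffsetSeconds([string[]]$W32tmOutput) {
    # Data lines look like "10:15:00, +00.0312045s"; error lines do not match
    foreach ($line in $W32tmOutput) {
        if ($line -match ',\s*([+-]\d+\.\d+)s\s*$') {
            return [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
        }
    }
    return $null   # no usable sample (host unreachable or not serving NTP)
}

# Constructed w32tm output showing a client about 7 minutes off
$sample = @(
    'Tracking kdc.example.com [192.0.2.10:123].',
    'The current time is 3/4/2024 10:15:00 AM.',
    '10:15:00, +412.5531874s'
)
$raw = if ($KdcHost) {
    w32tm /stripchart /computer:$KdcHost /samples:1 /dataonly
} else { $sample }

$offset = Get-ClockOffsetSeconds $raw
[pscustomobject]@{
    Principal        = $Principal
    TwoPartPrincipal = Test-TwoPartPrincipal $Principal
    # Active Directory membership only; other realm mappings are not detected
    DomainJoined     = (Get-CimInstance Win32_ComputerSystem).PartOfDomain
    ClockOffsetSec   = $offset
    WithinSkewLimit  = ($null -ne $offset) -and
                       ([math]::Abs($offset) -le $MaxSkewSeconds)
}
```

Run it with `-KdcHost` set to your KDC to measure the real offset; a `WithinSkewLimit` of `False` points to the timing drift described in the second note.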