Configuring ODBC clients for Kerberos client authentication

Follow these steps to configure an ODBC connection to the Db2 Big SQL server using client Kerberos authentication from a Windows operating system.

Before you begin

Confirm that the following prerequisites are met:

Procedure

  1. Open the ODBC driver manager. Under the User DSN tab click Add to create a new user data source.
    ODBC Data Source Administrator dialog
  2. Select IBM DB2 ODBC DRIVER and click finish.
    Create New Data Source dialog
  3. In the ODBC IBM DB2 Driver - Add dialog, enter the new data source name and click Add.
    ODBC IBM DB2 Driver - Add dialog
  4. Enter a description for the data source.
    CLI/ODBC Settings dialog, Data Source tab
  5. Under the TCP/IP tab, enter the database name, database alias and host name.
    CLI/ODBC Settings dialog, TCP/IP tab
  6. Under the Security options tab, check the Specify the security options (Optional) box, select the Kerberos authentication (KERBEROS) radio button, provide the Target principal name, and click OK.
    CLI/ODBC Settings dialog, Security options tab
  7. Double click on the selected DSN.
    ODBC Data Source Administration dialog
  8. Test the connection. Enter the user principal identity in the User ID field, enter the password for the user principal in the Password field, and then click Connect.
    CLI/ODBC Settings dialog, Data Source tab
    Note: Windows operating systems directly associate a Kerberos principal identity with a domain user. An implication is that Kerberos authentication is unavailable to Windows operating systems that are not associated with a domain or realm. Furthermore, Windows operating systems support only the two-part format for defining principal identities, that is, name@domain.
    Note: In some cases you may receive an error when connecting due to a timing drift between the client and Kerberos KDC. In this case, see the following topic to resolve the problem: Kerberos error code 37 when connecting to Db2 Big SQL.