Stored passwords

If you use the dbpassword command to store database user passwords on a client system, you can supply only a database user name and host on the command line. You can also continue to enter a password on the command line if displaying clear-text passwords is not a concern for security.

If you supply a password on the command line, it takes precedence over the environment variable DB_PASSWORD. If the environment variable is not set, the system checks the locally stored password file. If there is no password in this file and you are using the dbsql command, the system prompts you for a password, otherwise the authentication request fails.

In all cases, using the -pw option on the command line, using the DB_PASSWORD environment variable, or using the locally stored password that is stored through the dbpassword command. Db2® compares the password against the entry in the system catalog for local authentication or against the LDAP or KERBEROS account definition. The authentication protocol is the same, and Db2 never sends clear-text passwords over the network.