Use of alternative security mechanisms with the IBM Data Server Driver for JDBC and SQLJ

If you are using IBM® Data Server Driver for JDBC and SQLJ type 4 connectivity, and you set the retryWithAlternativeSecurityMechanism to com.ibm.db2.jcc.DB2BaseDataSource.YES (1), and the original security mechanism for a connection fails, the driver retries the connection with the most secure alternative security mechanism.

The following table lists the IBM Data Server Driver for JDBC and SQLJ security mechanisms, and the alternative security mechanisms that are used when the original connection has an authorization failure.

Table 1. Original and alternative IBM Data Server Driver for JDBC and SQLJ security mechanisms
Server authentication type IBM Data Server Driver for JDBC and SQLJ authentication type for the original connection IBM Data Server Driver for JDBC and SQLJ authentication type for retrying the connection
CLIENT
  • CLEAR_TEXT_PASSWORD_SECURITY
  • ENCRYPTED_PASSWORD_SECURITY
  • ENCRYPTED_USER_AND_PASSWORD_SECURITY
  • KERBEROS_SECURITY
  • ENCRYPTED_USER_AND_DATA_SECURITY
  • ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY
  • PLUGIN_SECURITY
  • ENCRYPTED_USER_ONLY_SECURITY
 USER_ONLY_SECURITY
USER_ONLY_SECURITY None. USER_ONLY_SECURITY does not fail on the original connection.
SERVER
  • USER_ONLY_SECURITY
  • ENCRYPTED_PASSWORD_SECURITY
  • ENCRYPTED_USER_AND_PASSWORD_SECURITY
  • KERBEROS_SECURITY
  • ENCRYPTED_USER_AND_DATA_SECURITY
  • ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY
  • PLUGIN_SECURITY
  • ENCRYPTED_USER_ONLY_SECURITY
 CLEAR_TEXT_PASSWORD_SECURITY
CLEAR_TEXT_PASSWORD_SECURITY None. CLEAR_TEXT_PASSWORD_SECURITY does not fail on the original connection.
SERVER_ENCRYPT for Db2® on Linux®, UNIX, and Windows systems Version 8 Fix Pack 9 or earlier
  • CLEAR_TEXT_PASSWORD_SECURITY
  • USER_ONLY_SECURITY
  • KERBEROS_SECURITY
  • ENCRYPTED_USER_AND_DATA_SECURITY
  • ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY
  • PLUGIN_SECURITY
  • ENCRYPTED_USER_ONLY_SECURITY
 ENCRYPTED_USER_AND_PASSWORD_SECURITY
  • ENCRYPTED_PASSWORD_SECURITY
  • ENCRYPTED_USER_AND_PASSWORD_SECURITY
 None. ENCRYPTED_PASSWORD_SECURITY and ENCRYPTED_USER_AND_PASSWORD_SECURITY do not fail on the original connection.
SERVER_ENCRYPT for Db2 on Linux, UNIX, and Windows systems Version 8 Fix Pack 10 or later
  • USER_ONLY_SECURITY
  • KERBEROS_SECURITY
  • ENCRYPTED_USER_AND_DATA_SECURITY
  • ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY
  • PLUGIN_SECURITY
  • ENCRYPTED_USER_ONLY_SECURITY
 ENCRYPTED_USER_AND_PASSWORD_SECURITY
  • CLEAR_TEXT_PASSWORD_SECURITY
  • ENCRYPTED_PASSWORD_SECURITY
  • ENCRYPTED_USER_AND_PASSWORD_SECURITY
 None. CLEAR_TEXT_PASSWORD_SECURITY, ENCRYPTED_PASSWORD_SECURITY, and ENCRYPTED_USER_AND_PASSWORD_SECURITY do not fail on the original connection.
DATA_ENCRYPT
  • CLEAR_TEXT_PASSWORD_SECURITY
  • USER_ONLY_SECURITY
  • ENCRYPTED_PASSWORD_SECURITY
  • ENCRYPTED_USER_AND_PASSWORD_SECURITY
  • KERBEROS_SECURITY
  • ENCRYPTED_USER_AND_DATA_SECURITY
  • PLUGIN_SECURITY
  • ENCRYPTED_USER_ONLY_SECURITY
 ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY
ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY None. ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY does not fail on the original connection.
KERBEROS
  • CLEAR_TEXT_PASSWORD_SECURITY
  • USER_ONLY_SECURITY
  • ENCRYPTED_PASSWORD_SECURITY
  • ENCRYPTED_USER_AND_PASSWORD_SECURITY
  • ENCRYPTED_USER_AND_DATA_SECURITY
  • ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY
  • PLUGIN_SECURITY
  • ENCRYPTED_USER_ONLY_SECURITY
 KERBEROS_SECURITY
KERBEROS_SECURITY None. KERBEROS_SECURITY does not fail on the original connection.
GSSPLUGIN
  • CLEAR_TEXT_PASSWORD_SECURITY
  • USER_ONLY_SECURITY
  • ENCRYPTED_PASSWORD_SECURITY
  • ENCRYPTED_USER_AND_PASSWORD_SECURITY
  • KERBEROS_SECURITY
  • ENCRYPTED_USER_AND_DATA_SECURITY
  • ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY
  • ENCRYPTED_USER_ONLY_SECURITY
 PLUGIN_SECURITY
PLUGIN_SECURITY None. PLUGIN_SECURITY does not fail on the original connection.
KRB_SERVER_ENCRYPT
  • USER_ONLY_SECURITY
  • ENCRYPTED_USER_AND_DATA_SECURITY
  • ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY
  • ENCRYPTED_USER_ONLY_SECURITY
 KERBEROS_SECURITY
  • CLEAR_TEXT_PASSWORD_SECURITY
  • ENCRYPTED_PASSWORD_SECURITY
  • ENCRYPTED_USER_AND_PASSWORD_SECURITY
  • KERBEROS_SECURITY
  • PLUGIN_SECURITY
 None. CLEAR_TEXT_PASSWORD_SECURITY, ENCRYPTED_PASSWORD_SECURITY, ENCRYPTED_USER_AND_PASSWORD_SECURITY, KERBEROS_SECURITY, and PLUGIN_SECURITY do not fail on the original connection.
GSS_SERVER_ENCRYPT
  • USER_ONLY_SECURITY
  • ENCRYPTED_USER_AND_DATA_SECURITY
  • ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY
  • ENCRYPTED_USER_ONLY_SECURITY
 KERBEROS_SECURITY
  • CLEAR_TEXT_PASSWORD_SECURITY
  • ENCRYPTED_PASSWORD_SECURITY
  • ENCRYPTED_USER_AND_PASSWORD_SECURITY
  • KERBEROS_SECURITY
  • PLUGIN_SECURITY
 None. CLEAR_TEXT_PASSWORD_SECURITY, ENCRYPTED_PASSWORD_SECURITY, ENCRYPTED_USER_AND_PASSWORD_SECURITY, KERBEROS_SECURITY, and PLUGIN_SECURITY do not fail on the original connection.