alternate_auth_enc - Alternate encryption algorithm for incoming connections at server configuration parameter
This configuration parameter specifies the alternate encryption algorithm used to encrypt the user IDs and passwords submitted to a Db2® database server for authentication. Specifically, this parameter affects the encryption algorithm when the authentication method negotiated between the Db2 client and the Db2 database server is SERVER_ENCRYPT.
- Configuration type
- Database manager
- Applies to
- Database server with local and remote clients
- Database server with local clients
- Partitioned database server with local and remote clients
- Parameter type
- Default [range]
- NOT_SPECIFIED [AES_CMP; AES_ONLY]
The user ID and password submitted for authentication on the Db2 database server are encrypted when the authentication method negotiated between the Db2 client and the Db2 server is SERVER_ENCRYPT. The authentication method negotiated depends on the authentication type setting on the server and the authentication type requested by the client. The choice of the encryption algorithm used to encrypt the user ID and password depends on the setting of the alternate_auth_enc database manager configuration parameter. It can be either DES or AES depending on this setting.
When the default (NOT_SPECIFIED) value is used, the database server accepts the encryption algorithm that the client proposes.
When alternate_auth_enc is set to AES_ONLY, the database server will only accept connections that use AES encryption. If the client does not support AES encryption, then the connection is rejected.
When alternate_auth_enc is set to AES_CMP, the database server will accept user IDs and passwords that are encrypted using either AES or DES, but it will negotiate for AES if the client supports AES encryption.