trust_clntauth - Trusted clients authentication configuration parameter

This parameter specifies whether a trusted client is authenticated at the server or the client when the client provides a userid and password combination for a connection.

This parameter (and trust_allclnts) is only active if the authentication parameter is set to CLIENT. If a user ID and password are not provided, the client is assumed to have validated the user, and no further validation is performed at the server.

Attention: With the release of Db2® 11.5.9, the CLIENT authentication type is deprecated. Do not use this authentication type going forward, as it is insecure in many situations and might be removed in a future release.
Configuration type
Database manager
Applies to
  • Database server with local and remote clients
  • Database server with local clients
  • Partitioned database server with local and remote clients
Parameter type
Configurable
Default [range]
CLIENT [CLIENT, SERVER]

If this parameter is set to CLIENT (the default), the trusted client can connect without providing a user ID and password combination, and the assumption is that the operating system has already authenticated the user. If it is set to SERVER, the user ID and password will be validated at the server.

When using the db2CfgSet API to set the database manager configuration parameter, the numeric value for CLIENT is 0. The numeric value for SERVER is 1.