Kerberos authentication in CLPPlus

The CLPPlus interface supports connecting to DSN aliases using Kerberos authentication as defined in the IBM® data server driver configuration file (db2dsdriver.cfg).

The IBM data server driver configuration file is an XML file that contains a list of DSN aliases and their properties. If the DSN alias entry contains the Authentication property value that is set to kerberos, the Kerberos authentication mechanism is used. For more information, see the DSN aliases in CLPPlus topic.

The CLPPlus interface does not request a Kerberos TGT ticket on its own. It uses the ticket that is already obtained by the user for use with other applications or tools.

Examples

Consider the following IBM data server driver configuration file contents:

<configuration>
	<dsncollection>
		<dsn alias="S" name="SAMPLE" host="9.121.221.159" port="50000">
		</dsn>
	</dsncollection>
	<databases>
		<database name="SAMPLE" host="9.121.221.159" port="50000">
			<parameter name="UserID" value="john"/>
		</database>
	</databases>
	<parameters>
		<parameter name="Authentication" value="KERBEROS"/>
	</parameters>
</configuration>

The following example shows a connection being established with the contents of the IBM data server driver configuration file, which includes the Authentication parameter value.

The user starts a CLPPlus session and attempts a connection to the DSN alias "S".

C:\>clpplus
CLPPlus: Version 1.1
Copyright (c) 2009, IBM CORPORATION.  All rights reserved.

SQL> connect

Enter DATABASE NAME [SAMPLE]: S
Enter ID [john] :
Enter Password: ********

Database Connection Information
-------------------------------
Hostname = 9.121.221.159
Database server = DB2/NT  SQL09071
SQL authorization ID = john
Local database alias = S
Port = 50000

SQL>