Authentication IBM data server driver configuration keyword

Specifies the type of authentication to be used with file DSN or DSN-less connectivity.

Important: The SERVER_ENCRYPT and SERVER_ENCRYPT_AES authentication types are deprecated and disabled in strict FIPS mode. For more information on the deprecation, see Authentication methods for your server.
Equivalent CLI keyword:

Authentication

Equivalent IBM® Data Server Provider for .NET connection string keyword

Authentication

IBM data server driver configuration keyword syntax

<parameter name="Authentication" value="CERTIFICATE | SERVER | SERVER_ENCRYPT | SERVER_ENCRYPT_AES | KERBEROS | GSSPLUGIN | TOKEN"/>

Note: When a connection is established by using TLS, clients that are cataloged with the SERVER_ENCRYPT authentication type are able to connect to servers that are configured with the SERVER authentication type.
Default setting:
Not Specified
Usage notes:
  • If the Authentication keyword is set to KERBEROS, you must also set the TargetPrinciple keyword.
  • You can specify the SSL client authentication by setting the Authentication keyword to the CERTIFICATE value for connection to Db2® for z/OS® servers with following conditions:
    • A connection to the server must be established with the CLI driver or IBM Data Server Provider for .NET. The CERTIFICATE authentication is specific to CLI, ODBC, or .NET connections.
    • Db2 for z/OS server must be Version 10 or later. If you are connecting to Db2 for z/OS Version 10 server, Known Issue PM53450 must be installed.
    • Connections to Db2 for z/OS server must be a direct connection between a client and supported Db2 for z/OS server. You cannot use Db2 Connect server as a gateway to establish connection to target Db2 for z/OS servers.
    • The SSLClientLabel keyword must be set if more than one personal certificate or more than one key entry exists in the Keystore or Microsoft Certificate Store.
    • A connection to supported Db2 for z/OS servers must be made with the application connection string or with the IBM data server driver configuration file. For the CLI driver connection, you can use the db2cli.ini file instead of the IBM data server driver configuration file. You cannot use the local database catalog to establish connections to Db2 for z/OS servers.
    • You cannot specify a user password.
    • For more information about the values SERVER, SERVER_ENCRYPT, SERVER_ENCRYPT_AES, KERBEROS, see Authentication types supported with Db2 Connect Server.