Configuration related to the Kerberos authentication
In order to use Optim™ High Performance Unload against a Db2® database configured with the Kerberos authentication, one has to add some specific parameters into the db2hpu.cfg configuration files.
There are parameters which can be specified only at the user-specific configuration file level, the ones called krb_principal and krb_keytab. These parameters are used to establish a connection to the database under the authority of the user launching Optim High Performance Unload, for accessing to the catalog information or for executing an unload task with the FORCE mode.
There are parameters which can be specified only at the global configuration file level, the ones called instances_krb_principal and instances_krb_keytab. These parameters are used to establish a connection to the database under the authority of the Db2 instance user, for performing the operations related to the LOCK or FLUSH BUFFERPOOLS options when they are set to YES.
| Optim High Performance Unload launched with the Db2 instance user | LOCK and FLUSH BUFFERPOOLS set to NO | User-specific level or global level |
| LOCK or FLUSH BUFFERPOOLS set to YES | User-specific level or global level | |
| Optim High Performance Unload launched with a user not being the Db2 instance one | LOCK and FLUSH BUFFERPOOLS set to NO | User-specific level only |
| LOCK or FLUSH BUFFERPOOLS set to YES | User-specific level and global level |
On a Windows platform, only the Kerberos parameters set at the user-specific configuration file level are taken into account. The ones at the global configuration file level are ignored.
- On an Unix platform, the package that should be installed is ‘krb5’ (provided by the MIT Kerberos project, https://web.mit.edu/kerberos)
- On a Windows platform, the package that should be installed is the one developed by Heimdal (https://www.secure-endpoints.com/heimdal).