IBM Db2 connection
To access your data in an IBM Db2 database, create a connection asset for it.
IBM Db2 is a database that contains relational data.
Supported versions
IBM Db2 10.1 and 11.5.
Prerequisites for Kerberos authentication
If you plan to use Kerberos SSO authentication, complete these requirements:
- Configure the data source for Kerberos authentication. Optional: This connection supports Kerberos SSO with user impersonation, which requires additional configuration.
- Confirm that the service that you plan to use the connection supports Kerberos. For more information, see Kerberos authentication in Cloud Pak for Data.
- An administrator must complete one set of the following setup steps:
- Kerberos without SSO: Enabling platform connections to use Kerberos authentication
- Kerberos SSO: Configuration for Kerberos SSO
Create a connection to Db2
To create the connection asset, you need the following connection details:
-
Database
-
Hostname or IP address
-
Username and password. For more information, see Credentials.
-
Port
-
Application name (optional): The name of the application that is currently using the connection. For information, see Client info properties support by the IBM Data Server Driver for JDBC and SQLJ.
-
Client accounting information (optional): The value of the accounting string from the client information that is specified for the connection. For information, see Client info properties support by the IBM Data Server Driver for JDBC and SQLJ.
-
Client hostname (optional): The hostname of the machine on which the application that is using the connection is running. For information, see Client info properties support by the IBM Data Server Driver for JDBC and SQLJ.
-
Client user (optional): The name of the user on whose behalf the application that is using the connection is running. For information, see Client info properties support by the IBM Data Server Driver for JDBC and SQLJ.
-
SSL certificate (if required by your database server)
- For SSL, the Db2 connection does not support chained certificates. Only the certificate returned from the Db2 server, which is the first certificate, will work.
- To configure Db2 with TLS and SSL, see Setting up a Db2 connection that uses TLS and SSL.
Connecting to a Db2 instance on Cloud Pak for Data
If you are connecting to a Db2 instance that is in the same instance in Cloud Pak for Data, you can run this command to obtain the hostname and port number:
oc get svc | grep db2
The hostname is the Db2 service name. The service name always starts with c-db2oltp, for example c-db2oltp-1605022957148004-db2u-engn-svc.
The port number is 50000 for a non-SSL connection or 50001 for an SSL connection.
Credentials
The credentials setting determines the available authentication methods.
If you select Shared (default), you can use either username and password authentication or Kerberos authentication (without SSO). For more information,
see Prerequisites for Kerberos authentication. For Kerberos, you need the following connection details:
- Service principal name (SPN) that is configured for the database in the data source
- User principal name to connect to the Kerberized data source
- The password for the user principal name that is used to authenticate to the Key Distribution Center (KDC)
If you select Personal, you can enter your username and password for the server manually, use secrets from a vault, or use Kerberos authentication. For more information, see Prerequisites for Kerberos authentication. You have two choices for Kerberos:
- Kerberos (without SSO). For Kerberos without SSO, you need the following connection details:
- Service principal name (SPN) that is configured for the data source
- User principal name to connect to the Kerberized data source
- The password for the user principal name that is used to authenticate to the Key Distribution Center (KDC)
- Kerberos SSO. Select Kerberos SSO and enter the Service principal name (SPN) that is configured for the data source.
For Credentials and Certificates, you can use secrets if a vault is configured for the platform and the service supports vaults. For information, see Using secrets from vaults in connections.
Federal Information Processing Standards (FIPS) compliance
This connection is FIPS-compliant and can be used on a FIPS-enabled cluster.
Running SQL statements
To ensure that your SQL statements run correctly, refer to the Structured Query Language (SQL) topic in the IBM Db2 product documentation for the correct syntax.
Cloud Pak for Data credentials setup (Optional)
To use Cloud Pak for Data credentials, you must set up JWT token authentication on the Db2 server. For instructions, see Token configuration file.