DB2 10.5 for Linux, UNIX, and Windows
DB2 10.5 for Linux, UNIX, and Windows
This parameter and trust_clntauth are used to determine where users are validated to the database environment.
This parameter is only active when the authentication parameter is set to CLIENT.
By accepting the default of YES for this parameter, all clients are treated as trusted clients. This means that the server assumes that a level of security is available at the client and the possibility that users can be validated at the client.
This parameter can only be changed to NO if the authentication parameter is set to CLIENT. If this parameter is set to NO, the untrusted clients must provide a userid and password combination when they connect to the server. Untrusted clients are operating system platforms that do not have a security subsystem for authenticating users.
Setting this parameter to DRDAONLY protects against all clients except clients from DB2® for OS/390® and z/OS®, DB2 for VM and VSE, and DB2 for OS/400®. Only these clients can be trusted to perform client-side authentication. All other clients must provide a user ID and password to be authenticated by the server.
When trust_allclnts is set to DRDAONLY, the trust_clntauth parameter is used to determine where the clients are authenticated. If trust_clntauth is set to CLIENT, authentication occurs at the client. If trust_clntauth is set to SERVER, authentication occurs at the client if no password is provided, and at the server if a password is provided.