Db2 authentication configuration

These are the authentication configurations for Db2® based on your operating system.

The Db2 PAM configuration file must be created before you can configure authentication. The steps that follow differ depending on your operating system.

Red Hat configuration

The OS configuration steps must be run as root.
  1. For Db2 to mirror the system authentication configuration, create the configuration file /etc/pam.d/db2 (the Db2 PAM configuration file) with the following content:
          #%PAM-1.0
          auth     include system-auth
          account  include system-auth
          password include system-auth
          session  include system-auth
    The Db2 PAM configuration file should be owned and writable only by root.

SLES configuration

The OS configuration steps must be run as root.
  1. For Db2 to mirror the system authentication configuration, create the configuration file /etc/pam.d/db2 (the Db2 PAM configuration file) with the following content:
          #%PAM-1.0
          auth     include common-auth
          account  include common-account
          password include common-password
          session  include common-session
    The Db2 PAM configuration file should be owned and writable only by root.

Ubuntu configuration

The OS configuration steps must be run as root.
  1. For Db2 to mirror the system authentication configuration, create the configuration file /etc/pam.d/db2 (the Db2 PAM configuration file) with the following content:
          @include common-auth
          @include common-account
          @include common-password
          @include common-session
    The Db2 PAM configuration file should be owned and writable only by root.
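
The ownership and permission requirement stated for all three operating systems can be checked with a short script. This is an added example, not part of the Db2 documentation or tooling: the function name check_db2_pam is hypothetical, and it assumes GNU stat and the include layouts shown above.

```shell
#!/bin/sh
# Added example: audit a Db2 PAM configuration file (GNU stat assumed).
# check_db2_pam is a hypothetical helper name, not a Db2 or PAM tool.
# Usage: check_db2_pam [FILE] [EXPECTED_OWNER_UID]   (defaults: /etc/pam.d/db2, 0)
check_db2_pam() {
    file=${1:-/etc/pam.d/db2}
    want_uid=${2:-0}
    rc=0
    if [ ! -f "$file" ]; then
        echo "FAIL: $file does not exist"
        return 1
    fi
    uid=$(stat -c '%u' "$file")
    mode=$(stat -c '%a' "$file")
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $file owned by uid $uid, expected $want_uid"
        rc=1
    fi
    # Any group or other write bit (mask 022) lets a non-root user alter the stack.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $file mode $mode is writable by group or other"
        rc=1
    fi
    # Each PAM management group must be delegated to the system stack, either in
    # the "type include file" form (Red Hat, SLES) or the "@include" form (Ubuntu).
    for t in auth account password session; do
        if ! grep -Eq "^[[:space:]]*(${t}[[:space:]]+include[[:space:]]+[^[:space:]]+|@include[[:space:]]+common-${t}([[:space:]]|\$))" "$file"; then
            echo "FAIL: no include line for '$t' in $file"
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then echo "OK: $file"; fi
    return "$rc"
}

# Constructed sample (the Ubuntu layout from above) so the check runs anywhere.
sample=$(mktemp)
printf '@include common-%s\n' auth account password session > "$sample"
chmod 644 "$sample"
check_db2_pam "$sample" "$(id -u)"
rm -f "$sample"
```

On a configured host, run check_db2_pam with no arguments as root to audit /etc/pam.d/db2 against root ownership.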

Db2 configuration

After the PAM configuration is complete, configure Db2 to enable authentication through the operating system. The Db2 commands must be run as a user with SYSADM authority.
  1. Set the DB2AUTH miscellaneous registry variable to OSAUTHDB by running:
    db2set DB2AUTH=OSAUTHDB
  2. Set the authentication on the server to any one of the following:
    SERVER
    SERVER_ENCRYPT
  3. Ensure that you are using the default Client Userid-Password Plugin (clnt_pw_plugin), Server Userid-Password Plugin (srvcon_pw_plugin) and Group Plugin (group_plugin).
  4. Restart the Db2 instance.