Db2 authentication configuration
These are the authentication configurations for Db2® based on your operating system.
The Db2 PAM configuration file must be created first before you can configure the authentication. The next steps are different based on your operating system.
Red Hat configuration
The OS configuration steps must be run as root.
- For Db2 to
mirror the system authentication configuration, create the configuration file
/etc/pam.d/db2 (the Db2 PAM configuration
file) with the following content:
The Db2 PAM configuration file should be owned and writable only by root.#%PAM-1.0 auth include system-auth account include system-auth password include system-auth session include system-auth
SLES configuration
The OS configuration steps must be run as root.
- For Db2 to
mirror the system authentication configuration, create the configuration file
/etc/pam.d/db2 (the Db2 PAM configuration
file) with the following content:
The Db2 PAM configuration file should be owned and writable only by root.#%PAM-1.0 auth include common-auth account include common-account password include common-password session include common-session
Ubuntu Configuration
The OS configuration steps must be run as root.
- For Db2 to
mirror the system authentication configuration, create the configuration file
/etc/pam.d/db2 (the Db2 PAM configuration
file) with the following content:
The Db2 PAM configuration file should be owned and writable only by root.@include common-auth @include common-account @include common-password @include common-session
Db2 configuration
Once the PAM configuration is completed, users need to configure Db2 to enable
authentication through the operating system. The Db2 commands must be run
as a user with SYSADM authority.
- Set the DB2AUTH miscellaneous registry variable to
OSAUTHDB by running:
db2set DB2AUTH=OSAUTHDB
- Set the authentication on the server to any one of the following:
SERVER SERVER_ENCRYPT
- Ensure that you are using the default Client Userid-Password Plugin
(
clnt_pw_plugin
), Server Userid-Password Plugin (srvcon_pw_plugin
) and Group Plugin (group_plugin
). - Restart the Db2 instance.