AuthenticationMethod
- Last Updated: May 30, 2024
- 3 minute read
- DataDirect Connectors
- JDBC
- Documentation
Purpose
Determines which authentication method the driver uses when it establishes a connection.
When user ID/password authentication is used, the encryption method that is used for user IDs and passwords is negotiated during the connection process. Supported encryption methods are:
- Advanced Encryption Standard (AES)
- Data Encryption Standard (DES)
To use AES encryption, the following requirements and restrictions apply:
- AES is supported for the following Db2 databases:
- Db2 for Linux/UNIX/Windows
- Db2 for z/OS
- The Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction
Policy files must be installed on the client or application server. You can obtain these
files from the following URL:
http://www.oracle.com/technetwork/java/javase/downloads/index.html
- The Db2 authentication parameter on the database server must be set to a
value of
SERVER_ENCRYPT. - For Db2 for Linux/UNIX/Windows, the Db2 alternate_auth_enc parameter on the database server must be set to allow AES encryption.
- AES encryption cannot be used if the EncryptionMethod property is set to a value of
DBEncryptionorrequestDBEncryption.
Valid Values
clearText | client |
encryptedPassword | encryptedPasswordAES | encryptedUIDPassword |
encryptedUIDPasswordAES | kerberos | pluginSecurity
Behavior
If set to clearText, the driver uses
user ID/password authentication. The driver sends the user ID and password in clear text to
the Db2 server for authentication. If a user ID and password are not specified, the driver
throws an exception.
If set to client, the driver uses client
authentication. The Db2 server relies on the client to authenticate the user and does not
provide additional authentication. The driver ignores any user ID or password specified.
If set to encryptedPassword, the driver
uses user ID/password authentication. The driver sends a user ID in clear text and an
encrypted password to the Db2 server for authentication. If the requirements for AES
encryption are met, the driver uses AES encryption; otherwise, the driver allows a downgrade
to DES encryption. If the EncryptionMethod property is set to a value of DBEncryption or requestDBEncryption, the driver downgrades encryption to DES. If a user ID and
password are not specified, the driver throws an exception.
If set to encryptedPasswordAES, the driver
uses user ID/password authentication. The driver sends a clear text user ID and an
AES-encrypted password to the Db2 server for authentication. The driver throws an exception
in the following cases:
- If the database server indicates encryption must be downgraded to DES
- If a user ID and password are not specified
- If the EncryptionMethod property is set to a value of
DBEncryptionorrequestDBEncryption
If set to encryptedUIDPassword, the driver
uses user ID/password authentication. The driver sends an encrypted user ID and password to
the Db2 server for authentication. If the requirements for AES encryption are met, the
driver uses AES encryption; otherwise, the driver allows a downgrade to DES encryption. If
the EncryptionMethod property is set to a value of DBEncryption or requestDBEncryption, the
driver downgrades encryption to DES. If a user ID and password are not specified, the driver
throws an exception.
If set to encryptedUIDPasswordAES, the
driver uses user ID/password authentication. The driver sends an AES-encrypted user ID and
password to the Db2 server for authentication. The driver throws an exception in the
following situations:
- If the database server indicates encryption must be downgraded to DES
- If a user ID and password are not specified
- If the EncryptionMethod property is set to a value of
DBEncryptionorrequestDBEncryption.
If set to kerberos, the driver uses Kerberos authentication. The driver
ignores any user ID or password specified.
If set to pluginSecurity, the driver
uses security plug-ins for authentication. The driver supports GSS plug-in for
authentication and it is configured using the GSSPluginName and GSSPluginObject properties.
Notes
- The User property provides the user ID. The Password property provides the password. The EncryptionMethod property determines whether the driver uses data encryption.
- If you enable AES encryption by setting the AuthenticationMethod property to
encryptedPasswordAESorencryptedUIDPasswordAES, a random number generator is used for secure seeding. Secure seeding is configurable through the RandomGenerator and SecureRandomAlgorithm connection properties.
Data Source Methods
public String
getAuthenticationMethod()
public void
setAuthenticationMethod(String)
Default
clearText
Data Type
String