Db2 supports the Generic Security Standard (GSS) plug-in for authentication. The GSS plug-in provides a generic interface that eliminates the need to write your application for specific security implementations based on platform, security mechanism, or transfer protocol. The plug-in consists of a set of APIs that you can implement to customize your authentication requirements and interoperate with various security methods.

To configure a GSS plug-in for authentication.

  • Configure the basic connection properties required for a connection:
    • Set the DatabaseName property to specify the name of the database to which you want to connect. Valid only on Db2 for Linux, UNIX, and Windows; Db2 Hosted; and Db2 Warehouse on Cloud
    • Set the LocationName property to specify the name of the Db2 location that you want to access. Valid only on Db2 for z/OS and Db2 for I.
    • Set the PortNumber property to specify the TCP port of the primary database server that is listening for connections to the database
    • Set the ServerName property to specify either the IP address in IPv4 or IPv6 format, or the server name (if your network supports named servers) of the primary database server.
  • Set the AuthenticationMethod connection property to pluginSecurity.
  • Set the GSSPluginName connection property to the plug-in name enabled on the server. The plug-in name is case-sensitive.
  • Set the GSSPluginObject connection property to a valid object of a class that extends the com.ddtek.jdbc.db2.gssplugin.DB2GSSPluginClient class and provides a valid implementation for the getTicket() method. This value must be a data source object or a java.util.Properties object supplied through the DriverManager class.
    Note: The implementation of the GSSPluginObject property depends on the type of GSS APIs enabled on the Db2 server. Both the server and the client must have the same plug-in enabled. The server must have pluginSecurity configured.

The following examples show the connection information required to establish a session using the GSS plug-in authentication.

Connection URL

jdbc:datadirect:db2://serverName:60000;databaseName=dbName;
java.util.Properties properties = new java.util.Properties(); 
properties.put("authenticationMethod", "pluginSecurity"); 
properties.put("user", "userName");
properties.put("password", "password");
properties.put("GSSPluginName", "gssapi_name");
properties.put("GSSPluginObject", new DB2GSSPlugin());
Connection connection= DriverManager.getConnection(connectionUrl, properties);

Data Source

DB2DataSource dataSource = new DB2DataSource();
dataSource.setServerName("serverName");
dataSource.setPortNumber(60000);
dataSource.setDatabaseName("dbName");
dataSource.setUser("userName");
dataSource.setPassword("password"); 
dataSource.setAuthenticationMethod("pluginSecurity");
dataSource.setGSSPluginName("gssapi_name");
dataSource.setGSSPluginObject(new DB2GSSPlugin());
Connection connection = dataSource.getConnection();