The AuthenticationMethod connection property controls which authentication mechanism the driver uses when establishing connections.

When AuthenticationMethod is set to clearText (default), encryptedPassword, encryptedPasswordAES, encryptedUIDPassword, or encryptedUIDPasswordAES, the driver uses user ID/password authentication when establishing a connection. The User property provides the user ID. The Password property provides the password.

The set of credentials that are passed to the DB2 server depend on the specified value:

  • When AuthenticationMethod=clearText, both a user ID and a password are sent in clear text to the DB2 server for authentication.
  • When AuthenticationMethod=encryptedPassword or AuthenticationMethod=encryptedPasswordAES, a user ID in clear text and an encrypted password are sent to the DB2 server for authentication.
  • When AuthenticationMethod=encryptedUIDPassword or AuthenticationMethod=encryptedUIDPasswordAES, an encrypted user ID and encrypted password are sent to the DB2 server for authentication.

The encryption method that is used for user IDs and passwords is negotiated during the connection process. For DB2 9.7 for Linux/UNIX/Windows, the method used to encrypt user IDs and passwords is either AES or DES encryption depending on the setting of the alternate_auth_enc parameter on the DB2 server. For all other DB2 databases, the method is DES encryption. See the description for AuthenticationMethod for more information.

Note: The driver also can use data encryption by setting the EncryptionMethod property (see EncryptionMethod for more information).

When AuthenticationMethod=client, the driver uses the user ID of the user logged onto the system on which the driver is running when establishing a connection. The DB2 database server relies on the client to authenticate the user and does not provide additional authentication. The driver ignores any values specified by the User property and Password properties.

When AuthenticationMethod=kerberos, the driver uses Kerberos authentication when establishing a connection. The driver ignores any values specified by the User property and Password properties. For details on Kerberos authentication, see Configuring Kerberos Authentication

When AuthenticationMethod=pluginSecurity, the driver uses the GSS security plug-ins for authentication. For details on GSS plug-in authentication, see Configuring GSS Plug-in Authentication