The Kerberos authentication mechanism may be used when both WebSphere® Application Server and the DB2 server are configured for Kerberos authentication. Kerberos authentication can provide single sign on (SSO) end-to-end interoperable solutions and preserves the original requester identity.
The XARecovery and TestConnection facilities of the application server are not able to supply delegated Kerberos credentials to the data source. There might also be situations where the application server security component is unable to supply delegated Kerberos credentials for a given connection request. To account for these cases you can configure a DB2 connection using Kerberos authentication referred to in this topic as option 2. For this option, a user ID and password must be supplied to the JDBC driver that the driver uses to obtain its own Kerberos credentials. To use this option, you must configure a J2C authentication data alias on the application server which defines the user ID and password that the DB2 JDBC driver will use to request a Kerberos Ticket Granting Ticket (TGT). The TGT is used for Kerberos authentication to a DB2 server. To the application server, this looks much like the typical user ID and password authentication.
In this information ...Related concepts
Related tasks
Related reference
| IBM Redbooks, demos, education, and more(Index) |