Enum DB2AuthenticationMethod
- Namespace
- YndigoBlue.Velocity.Data.DB2
- Assembly
- YndigoBlue.Velocity.dll
Specifies the authentication mechanism used when connecting to an IBM DB2 database
with integrated / OS-level authentication (UseIntegratedSecurity = true).
public enum DB2AuthenticationMethodFields
Client = 0Authenticate using client-side OS authentication. Maps to
Authentication=CLIENT. The DB2 server trusts the client to have authenticated the OS user; the OS username is forwarded to DB2 as the connecting identity and no password is sent. The DB2 server must be configured to acceptCLIENTauthentication (DBM CFG parameterAUTHENTICATION CLIENT). Use only on secured networks where the client machine is fully trusted.Kerberos = 1Authenticate using Kerberos. Maps to
Authentication=KERBEROS. The client must have a valid Kerberos Ticket Granting Ticket (TGT) obtained from the domain KDC prior to connecting. The DB2 server must be configured to accept Kerberos authentication. No DB2-level password encryption is layered on top of Kerberos's own encryption.KerberosServerEncrypt = 2Authenticate using Kerberos with additional DB2-level server encryption. Maps to
Authentication=KRB_SERVER_ENCRYPT. Identical to Kerberos but negotiates DB2's server-side encryption on top of the Kerberos session. Use when the DB2 server requiresAUTHENTICATION KRB_SERVER_ENCRYPTin its configuration.GssPlugin = 3Authenticate using a DB2 GSS authentication plugin. Maps to
Authentication=GSSPLUGIN. The plugin is configured on the DB2 server and can back on to LDAP, Active Directory, PAM, or any other mechanism the plugin supports. The client connects without a password; the plugin performs the identity resolution.GssServerEncrypt = 4Authenticate using a DB2 GSS authentication plugin with additional DB2-level server encryption. Maps to
Authentication=GSS_SERVER_ENCRYPT. Identical to GssPlugin but negotiates DB2's server-side encryption on top of the GSS session.
Remarks
These values map directly to the Authentication= keyword in the IBM DB2 connection string.
When UseIntegratedSecurity is
true, the selected mechanism is applied and UserID/Password are omitted from
the connection string.
Prerequisites: All mechanisms require external configuration — the DB2 server and the network environment must be prepared beforehand. Velocity only sets the connection string keyword; it does not configure the authentication infrastructure itself.
| Value | DB2 keyword | External requirement |
|---|---|---|
| Client | CLIENT | DB2 server must be configured to trust client-asserted identity; OS user on client machine is sent as the DB2 user |
| Kerberos | KERBEROS | Valid Kerberos TGT; DB2 server must accept Kerberos auth |
| KerberosServerEncrypt | KRB_SERVER_ENCRYPT | Same as Kerberos, plus DB2-level encryption negotiated on top |
| GssPlugin | GSSPLUGIN | DB2 GSS authentication plugin configured on server (LDAP, PAM, custom, etc.) |
| GssServerEncrypt | GSS_SERVER_ENCRYPT | Same as GssPlugin, plus DB2-level encryption negotiated on top |