home clear 64x64
en blue 200x116 de orange 200x116 info letter User
suche 36x36
Latest versionsfixlist
11.1.0.7 FixList
10.5.0.9 FixList
10.1.0.6 FixList
9.8.0.5 FixList
9.7.0.11 FixList
9.5.0.10 FixList
9.1.0.12 FixList
Have problems? - contact us.
Register for free anmeldung-x26
Contact form kontakt-x26

DB2 - Problem description

Problem IC95032 Status: Closed

NEW VALUE JCC_ENFORCE_SECMEC FOR DB2 REGISTRY VARIABLE DB2AUTH TO REJECT
NON-ENCRYPTED USERNAMES AND PASSWORDS FROM JCC CLIENT

product:
DB2 CONNECT / DB2CONNCT / 970 - DB2
Problem description:
With the DB2 server authentication type SERVER_ENCRYPT a DB2 
server accepts connections from an IBM Data Server Driver for 
JDBC and SQLJ client (also called JCC driver) even when the 
client's security mechanism is CLEAR_TEXT_PASSWORD_SECURITY. 
That means that the DB2 server accepts user names and passwords 
that are not encrypted from such clients. 
 
The DB2 server authentication type is set by the database 
manager configuration parameter AUTHENTICATION. 
The security mechanism is set by the of the IBM Data Server 
Driver for JDBC and SQLJ client property securityMechanism. 
 
To prevent the DB2 server from accepting such connections this 
APAR introduces a value JCC_ENFORCE_SECMEC for the DB2 registry 
variable DB2AUTH. 
To have the DB2 server not accept connections from an IBM Data 
Server Driver for JDBC and SQLJ client with security mechanism 
CLEAR_TEXT_PASSWORD_SECURITY when the DB2 server authentication 
type is SERVER_ENCRYPT, set the DB2 registry variable DB2AUTH to 
JCC_ENFORCE_SECMEC at the DB2 server. 
 
No application modification is required, except that if you use 
Oracle JVM and use the security mechanism 
ENCRYPTED_USER_AND_PASSWORD_SECURITY you must also have the IBM 
Data Server Driver for JDBC and SQLJ property 
encryptionAlgorithm set to 2, which means using 256-bit AES 
(strong) encryption. To use 256-BIT AES (strong) encryption with 
Oracle JVM, install the "Java Cryptography Extension (JCE) 
Unlimited Strength Jurisdiction Policy" files from Oracle.
Problem Summary:
**************************************************************** 
* USERS AFFECTED:                                              * 
* Users of the IBM Data Server Driver for JDBC and SQLJ to     * 
* access a DB2 for Linux, UNIX and Windows database            * 
**************************************************************** 
* PROBLEM DESCRIPTION:                                         * 
* See Error Description                                        * 
**************************************************************** 
* RECOMMENDATION:                                              * 
* .                                                            * 
****************************************************************
Local Fix:
available fix packs:
DB2 Version 9.7 Fix Pack 9 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 9a for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 10 for Linux, UNIX, and Windows

Solution
This feature was first added in DB2 Version 9.7 Fix Pack 9 
At a minimum, the change for this APAR should be applied on the 
server.
Workaround
not known / see Local fix
BUG-Tracking
forerunner  : APAR is sysrouted TO one or more of the following: IC95073 IC95074 IC96368 IC96690 
follow-up : 
Timestamps
Date  - problem reported    :
Date  - problem closed      :
Date  - last modified       :
20.08.2013
17.12.2013
17.12.2013
Problem solved at the following versions (IBM BugInfos)
9.7.FP9
Problem solved according to the fixlist(s) of the following version(s)
9.7.0.9 FixList
9.7.0.9 FixList