home clear 64x64
en blue 200x116 de orange 200x116 info letter User
suche 36x36
Latest versionsfixlist
11.1.0.7 FixList
10.5.0.9 FixList
10.1.0.6 FixList
9.8.0.5 FixList
9.7.0.11 FixList
9.5.0.10 FixList
9.1.0.12 FixList
Have problems? - contact us.
Register for free anmeldung-x26
Contact form kontakt-x26

DB2 - Problem description

Problem IC96368 Status: Closed

NEW VALUE JCC_ENFORCE_SECMEC FOR DB2 REGISTRY VARIABLE DB2AUTH TO REJECT
NON-ENCRYPTED USERNAMES AND PASSWORDS FROM JCC CLIENT

product:
DB2 FOR LUW / DB2FORLUW / A50 - DB2
Problem description:
With the DB2 server authentication type SERVER_ENCRYPT a DB2 
server accepts connections from an IBM Data Server Driver for 
JDBC and SQLJ client (also called JCC driver) even when the 
client's security mechanism is CLEAR_TEXT_PASSWORD_SECURITY. 
That means that the DB2 server accepts user names and passwords 
that are not encrypted from such clients. 
 
The DB2 server authentication type is set by the database 
manager configuration parameter AUTHENTICATION. 
The security mechanism is set by the of the IBM Data Server 
Driver for JDBC and SQLJ client property securityMechanism. 
 
To prevent the DB2 server from accepting such connections this 
APAR introduces a value JCC_ENFORCE_SECMEC for the DB2 registry 
variable DB2AUTH. 
To have the DB2 server not accept connections from an IBM Data 
Server Driver for JDBC and SQLJ client with security mechanism 
CLEAR_TEXT_PASSWORD_SECURITY when the DB2 server authentication 
type is SERVER_ENCRYPT, set the DB2 registry variable DB2AUTH to 
JCC_ENFORCE_SECMEC at the DB2 server. 
 
No application modification is required, except that if you use 
Oracle JVM and use the security mechanism 
ENCRYPTED_USER_AND_PASSWORD_SECURITY you must also have the IBM 
Data Server Driver for JDBC and SQLJ property 
encryptionAlgorithm set to 2, which means using 256-bit AES 
(strong) encryption. To use 256-BIT AES (strong) encryption with 
Oracle JVM, install the "Java Cryptography Extension (JCE) 
Unlimited Strength Jurisdiction Policy" files from Oracle.
Problem Summary:
**************************************************************** 
* USERS AFFECTED:                                              * 
* Users of the IBM Data Server Driver for JDBC and SQLJ to     * 
* access a DB2 for Linux, UNIX and Windows database            * 
**************************************************************** 
* PROBLEM DESCRIPTION:                                         * 
* See Error Description                                        * 
**************************************************************** 
* RECOMMENDATION:                                              * 
* Upgrade to db2 Version 10.5 FixPack 4                        * 
****************************************************************
Local Fix:


available fix packs:


DB2 Cancun Release 10.5.0.4 (also known as Fix Pack 4) for Linux, UNIX, and Windows
 DB2 Version 10.5 Fix Pack 9 for Linux, UNIX, and Windows
 


Solution


This feature was first added in DB2 Version 10.5 Fix Pack 4


Workaround


not known / see Local fix


Timestamps


Date  - problem reported    :
Date  - problem closed      :
Date  - last modified       :

26.09.2013
08.09.2014
08.09.2014


Problem solved at the following versions (IBM BugInfos)




Problem solved according to the fixlist(s) of the following version(s)


10.5.0.4

FixList