Set up the GSSAPI DB2 Client
The Authentication Service for IBM DB2 GSSAPI security plug-in has a client component that must be installed on each DB2 UNIX-based client computer accessing the DB2 server.
DB2 Client Installation on a UNIX Computer
Copy the IBM Security for DB2 package to each client. Unzip, restore, and install the package as described in Install and Configure Server.
Just like the DB2 server, you can use either use the setupdb2.sh
setup script or manually install and configure the software. The following sections describe these procedures.
Install on UNIX Using the setupdb2.sh
Script
To install the IBM Security for DB2 package using the setupdb2.sh
script, perform the steps described in Install and Configure Plug-ins Using the setupdb2.sh Script
The setupdb2.sh
script may wrongly identify a DB2 version 8 client as a DB2 server. If this happens, when the script prompts you to confirm the detection, answer no. The script will then install the GSSAPI plug-in for DB2 client.
Install on UNIX Manually
Perform the following steps to install the IBM Security for DB2 package manually.
To install the Authentication Service for IBM DB2 manually:
-
Copy the shared libraries. Run the following commands as the instance user to copy the shared libraries to the target directories where
db2inst1
is the instance name:- For a 64-bit DB2 instance:
cp /usr/share/centrifydc/lib64/libcentrifydc_db2gsskrb5.so
~db2inst1/sqllib/security64/plugin/client/centrifydc_db2gsskrb5.so
cp /usr/share/centrifydc/lib/libcentrifydc_db2gsskrb5.so
~db2inst1/sqllib/security32/plugin/client/centrifydc_db2gsskrb5.so
- For 32-bit instances, run:
cp /usr/share/centrifydc/lib/libcentrifydc_db2gsskrb5.so
~db2inst1/sqllib/security32/plugin/client/centrifydc_db2gsskrb5.so
-
Set up the DB2 configuration variables. As the DB2 instance user, run the following commands to tell DB2 to use server authentication schemes:
db2 update dbm cfg using LOCAL_GSSPLUGIN centrifydc_db2gsskrb5
db2 update dbm cfg using AUTHENTICATION SERVER