Use the New Database Connection wizard or pages that are embedded
in other wizards to create a JDBC connection to DB2® for Linux®, UNIX®, and Windows® that uses Kerberos security.
This feature is not available in some products.
Before you can connect using this security option, you must complete
some setup steps. See the DB2 for Linux, UNIX, and Windows information center and the documentation
that was provided with your Kerberos server for detailed information about
completing these steps:
- Set up your Kerberos server realm.
- Use the kinit command to create a cached Ticket Granting
Ticket (TGT).
It is recommended that you use the IBM® JGSS-provided Java™ version
of the traditional kinit Kerberos credential management tools. This version
is provided in the workbench in the following directory:
<product
directory>\jdk\jre\bin. You can run kinit with the following
command:
java com.ibm.security.krb5.internal.tools.Kinit
You
can use the IBM Data
Server Driver for JDBC and SQLJ to create connections to DB2 for Linux, UNIX, and Windows servers
using Kerberos security. To create Kerberos connections, select "IBM Data Server
Driver for JDBC and SQLJ using Kerberos security" in the JDBC driver field
of the New Connection wizard.
When you select this option,
the workbench ignores any userid or password values in the wizard and passes
the JCC driver a null userid and null password. The JCC driver then searches
for a cached TGT and uses the TGT to establish the Kerberos connection.
The host name must match a kdc entry under a valid realm in
your KRB5.INI file so that the cached TGT is valid for the connection.