DB2 for Linux, UNIX, and Windows Kerberos connections

Use the New Database Connection wizard or pages that are embedded in other wizards to create a JDBC connection to DB2® for Linux, UNIX, and Windows that uses Kerberos security. This feature is not available in some products.
Before you can connect using this security option, you must complete some setup steps. See the DB2 for Linux, UNIX, and Windows information center and the documentation that was provided with your Kerberos server for detailed information about completing these steps:
  • Set up your Kerberos server realm.
  • Use the kinit command to create a cached Ticket Granting Ticket (TGT).
It is recommended that you use the IBM® JGSS-provided Java version of the traditional kinit Kerberos credential management tools. This version is provided in the workbench in the following directory: <product directory>\jdk\jre\bin. You can run kinit with the following command:
java com.ibm.security.krb5.internal.tools.Kinit

You can use the IBM Data Server Driver for JDBC and SQLJ to create connections to DB2 for Linux, UNIX, and Windows servers using Kerberos security. To create Kerberos connections, select "IBM Data Server Driver for JDBC and SQLJ using Kerberos security" in the JDBC driver field of the New Connection wizard.

When you select this option, the workbench ignores any userid or password values in the wizard and passes the JCC driver a null userid and null password. The JCC driver then searches for a cached TGT and uses the TGT to establish the Kerberos connection.

The host name must match a kdc entry under a valid realm in your KRB5.INI file so that the cached TGT is valid for the connection.


Feedback