home clear 64x64
en blue 200x116 de orange 200x116 info letter User
suche 36x36
Neueste VersionenFixList
11.1.0.7 FixList
10.5.0.9 FixList
10.1.0.6 FixList
9.8.0.5 FixList
9.7.0.11 FixList
9.5.0.10 FixList
9.1.0.12 FixList
Haben Sie Probleme? - Kontaktieren Sie uns.
Kostenlos registrieren anmeldung-x26
Kontaktformular kontakt-x26

DB2 - Problembeschreibung

Problem IC95032 Status: Geschlossen

NEW VALUE JCC_ENFORCE_SECMEC FOR DB2 REGISTRY VARIABLE DB2AUTH TO REJECT
NON-ENCRYPTED USERNAMES AND PASSWORDS FROM JCC CLIENT

Produkt:
DB2 CONNECT / DB2CONNCT / 970 - DB2
Problembeschreibung:
With the DB2 server authentication type SERVER_ENCRYPT a DB2 
server accepts connections from an IBM Data Server Driver for 
JDBC and SQLJ client (also called JCC driver) even when the 
client's security mechanism is CLEAR_TEXT_PASSWORD_SECURITY. 
That means that the DB2 server accepts user names and passwords 
that are not encrypted from such clients. 
 
The DB2 server authentication type is set by the database 
manager configuration parameter AUTHENTICATION. 
The security mechanism is set by the of the IBM Data Server 
Driver for JDBC and SQLJ client property securityMechanism. 
 
To prevent the DB2 server from accepting such connections this 
APAR introduces a value JCC_ENFORCE_SECMEC for the DB2 registry 
variable DB2AUTH. 
To have the DB2 server not accept connections from an IBM Data 
Server Driver for JDBC and SQLJ client with security mechanism 
CLEAR_TEXT_PASSWORD_SECURITY when the DB2 server authentication 
type is SERVER_ENCRYPT, set the DB2 registry variable DB2AUTH to 
JCC_ENFORCE_SECMEC at the DB2 server. 
 
No application modification is required, except that if you use 
Oracle JVM and use the security mechanism 
ENCRYPTED_USER_AND_PASSWORD_SECURITY you must also have the IBM 
Data Server Driver for JDBC and SQLJ property 
encryptionAlgorithm set to 2, which means using 256-bit AES 
(strong) encryption. To use 256-BIT AES (strong) encryption with 
Oracle JVM, install the "Java Cryptography Extension (JCE) 
Unlimited Strength Jurisdiction Policy" files from Oracle.
Problem-Zusammenfassung:
**************************************************************** 
* USERS AFFECTED:                                              * 
* Users of the IBM Data Server Driver for JDBC and SQLJ to     * 
* access a DB2 for Linux, UNIX and Windows database            * 
**************************************************************** 
* PROBLEM DESCRIPTION:                                         * 
* See Error Description                                        * 
**************************************************************** 
* RECOMMENDATION:                                              * 
* .                                                            * 
****************************************************************
Local-Fix:


verfügbare FixPacks:


DB2 Version 9.7 Fix Pack 9 for Linux, UNIX, and Windows
 DB2 Version 9.7 Fix Pack 9a for Linux, UNIX, and Windows
 DB2 Version 9.7 Fix Pack 10 for Linux, UNIX, and Windows
 


Lösung


This feature was first added in DB2 Version 9.7 Fix Pack 9 
At a minimum, the change for this APAR should be applied on the 
server.


Workaround


keiner bekannt / siehe Local-Fix


Bug-Verfolgung


Vorgänger  : APAR is sysrouted TO one or more of the following: IC95073 IC95074 IC96368 IC96690 
Nachfolger : 


Weitere Daten


Datum - Problem gemeldet    :
Datum - Problem geschlossen :
Datum - der letzten Änderung:

20.08.2013
17.12.2013
17.12.2013


Problem behoben ab folgender Versionen (IBM BugInfos)


9.7.FP9



Problem behoben lt. FixList in der Version


9.7.0.9

FixList



9.7.0.9

FixList