This topic provides some hints and tips about security for DB2 Connect™ connecting to a DB2® for OS/390® and z/OS® database server.
Ensure that the DB2 OS/390 and z/OS Extended Security Field is set to YES. This field appears in the DB2 for OS/390 and z/OS DSNTIPR panel.
Until DB2 Universal Database™ for z/OS and OS/390 Version 5.1, connect requests that provided user IDs or passwords could fail with SQL30082 reason code 0, but no other indication as to what might be wrong.
DB2 Universal Database for z/OS and OS/390 Version 5.1 introduced an enhancement which provides support for extended security codes. Specifying extended security will provide additional diagnostics, such as (PASSWORD EXPIRED) in addition to the reason code.
To exploit this, the DB2 Universal Database for z/OS and OS/390 ZPARM installation parameter for extended security should be set to the value YES. Use the DB2 Universal Database for z/OS and OS/390 installation panel DSN6SYSP to set EXTSEC=YES. You can also use DDF panel 1 (DSNTIPR) to set this. The default value is EXTSEC=NO. In the case of an expired password, Windows®, Linux™, UNIX®, and Web applications using DB2 Connect will receive an SQL30082 error message.
If you want to provide support for the DB2 security option AUTHENTICATION=CLIENT, then use DB2 Universal Database for z/OS and OS/390 installation panel DSNTIP4 (DDF panel 2) to set TCP/IP already verified security to YES.
Workstation ODBC and Java™ applications use dynamic SQL. This might create security concerns in some installations. DB2 Universal Database for z/OS and OS/390 introduces a new bind option DYNAMICRULES(BIND) that allows execution of dynamic SQL under the authorization of either the owner or the binder.
DB2 and DB2 Connect provide a new CLI/ODBC configuration parameter CURRENTPACKAGESET in the DB2CLI.INI configuration file. This should be set to a schema name that has the appropriate privileges. An SQL SET CURRENT PACKAGESET schema statement will automatically be issued after every connect for the application.
Use the ODBC Manager to update DB2CLI.INI.
CONNECT TO <database> USER <userid> USING <password> NEW <new_password> CONFIRM <new_password>
The "Change password" dialog of the DB2 Configuration Assistant can also be used to change the password.
Parent topic: DB2 Connect authentication considerations
CONNECT (Type 1) statement BIND command