Creating and terminating a trusted connection through CLI
If the database server you are connecting to is configured to allow it, you can create an explicit trusted connection when connecting through CLI.
This procedure assumes that you are not using an XA transaction manager. If you are using an XA transaction manager you only need to make sure that the transaction manager is configured to set the configuration value TCTX to TRUE when it calls xa_open. If that is done then any connection that can be an explicit trusted connection will be. To verify that a connection is an explicit trusted connection see step 3.
- The database that you are connecting to must support trusted contexts.
- A trusted context must be defined that will recognize the client as being trustable.
- You must know the system authorization ID that is specified in the trusted context. The system authorization ID of a trusted connection is the authorization ID you provide to the server as a user name when creating the connection. For your connection to be trusted by a particular trusted context the system authorization ID must be the one specified in that trusted context. Ask your security administrator for a valid system authorization ID and the password for that ID.
The examples in these instructions use the C language and assume that conn is a pointer to a valid, but unconnected, connection handle. The variable rc is assumed to have a data type of SQLRETURN.
- In addition to setting any connection attributes that you would set for a regular connection, set the connection attribute SQL_ATTR_USE_TRUSTED_CONTEXT to SQL_TRUE with a call to the SQLSetConnectAttr function.
rc = SQLSetConnectAttr(
conn,
SQL_ATTR_USE_TRUSTED_CONTEXT, SQL_TRUE, SQL_IS_INTEGER
);
- Connect to the database as you would for a regular connection, by calling the SQLConnect function for instance. Use the system authorization ID as the user name and its password as the password. Be sure to check for errors and warnings, especially those listed in table Table 1.
Table 1. Errors indicating failure to create a trusted connection| SQLCODE |
SQLSTATE |
Meaning |
|---|
| SQL20360W |
01679 |
The connection could not be established as a trusted connection. It was established as a regular connection instead. |
If no errors or warnings tell you differently, then the connection is established and is an explicit trusted connection. - (Optional) You can verify that an established connection is an explicit trusted connection by checking the value of the connection attribute SQL_ATTR_USE_TRUSTED_CONTEXT using the SQLGetConnectAttr function. If it is set to SQL_TRUE the connection is an explicit trusted connection.
- When you are finished using the connection be very careful to explicitly disconnect it, even if it is in a broken or disconnected state. If you do not explicitly disconnect an explicit trusted connection some of the resources used by the connection might not be released.
Note:
- Explicit trusted connections should not use CLIENT authentication. This does not apply to implicit trusted connections.
- Applications using explicit trusted connections should only be run on secure computers which are password protected and accessible only to authorized personnel. This does not apply to implicit trusted connections.
Parent topic: Trusted connections through DB2 Connect
Related reference
Connection attributes (CLI) list