Active Directory-based Authentication for IBM DB2

Centrify for IBM DB2 enhances DB2 security with centralized, Active Directory-based authentication, administration and password policy enforcement


For the first time, organizations using DirectControl and Microsoft Active Directory can not only centrally manage user authentication across a wide range of heterogeneous systems (including Microsoft Windows, Linux, UNIX and Mac OS systems) and web-based applications (Apache, BEA WebLogic, Jboss, IBM WebSphere, etc.) but can also control access to IBM DB2. End-users within these organizations benefit by gaining single sign-on through a single Active Directory user name and password to all of the key systems, applications and databases they require access to, no matter how heterogeneous their organization's underlying IT infrastructure is.

How It Works

How It Works

Centrify DirectControl's core feature is its ability to enable Linux, UNIX and Mac servers and workstations to participate in an Active Directory domain. The Centrify DirectControl Agent effectively turns the host system into an Active Directory client. The Centrify DirectControl for DB2 module further enables Kerberos-based authentication through Active Directory.

The benefit for end-users is that they can now silently authenticate to the heterogeneous systems, applications and databases they are allowed to access without being challenged to re-type a user name or password. The benefit for IT managers is that administrators and help desk personnel can now use a single administrative tool — Microsoft Active Directory — to define consistent security policies for and to control access to a mix of different vendors' databases, heterogeneous operating systems, and web-based applications within their organization. For example, once an administrator disables a user's Active Directory account, that user immediately loses their ability to access DB2 running on non-Microsoft platforms.