BackgroundWhen running IBM DB2 on UNIX and Linux platforms, organizations are often faced with the following challenges:
- They find themselves maintaining local users and groups in the local user store (/etc/passwd or /etc/group) to support DB2.
- They face challenges with the 8-character username limitation
- Entitlements are managed with groups that are local to that system
- Users either make the password the same or use simpler passwords if policy is not enforced
- Each OS hosting DB2 becomes an identity silo, this means:
- Policy must be enforced
- Access control rules must be in place
- Reporting and attestation are needed
- This often means audit comments for untimely offboarding of DB2 local users
- Promotes complexity and affects user productivity.
Centrify has had the IBM DB2 SSO Module for years now, but I still see organizations struggle. We covered the set up of the plugin in a previous post, but this 20-minute playlist has a technical briefing with demo for those who are looking to overcome this challenge:
In summary, Centrify IBM DB2 SSO plugin provides:
- User/Password plugin: Allows users to authenticate to DB2 with their AD credential, no short names required or local identities.
- Group plugin: Exposes user's AD groups to DB2, this is an avenue to assign entitlements in a more effective way
- GSSAPI plugin: Provides SSO services via GSS interfaces.
Less identity silos, more productivity, more operational efficiency....