Sunday, August 23, 2015

Using Centrify's AD Technology to Overcome IBM DB2 Database Access and Identity Challenges

Background

When running IBM DB2 on UNIX and Linux platforms, organizations are often faced with the following challenges:
  • They find themselves maintaining local users and groups in the local user store (/etc/passwd or /etc/group) to support DB2.
  • They face challenges with the 8-character username limitation.
  • Entitlements are managed with groups that are local to that system.
  • Users either make their passwords the same or use simpler passwords if policy is not enforced.
This means:
  • Each OS hosting DB2 becomes an identity silo, which means:
    • Policy must be enforced
    • Access control rules must be in place
    • Reporting and attestation are needed
  • Audits often produce comments about untimely offboarding of DB2 local users.
  • Complexity increases and user productivity suffers.
Centrify has had the IBM DB2 SSO Module for years now, but I still see organizations struggle. We covered the setup of the plugin in a previous post, but this 20-minute playlist has a technical briefing with a demo for those who are looking to overcome this challenge.

In summary, the Centrify IBM DB2 SSO plugin provides:
  • User/Password plugin: Allows users to authenticate to DB2 with their AD credentials; no short names or local identities are required.
  • Group plugin: Exposes the user's AD groups to DB2, which is an avenue to assign entitlements in a more effective way.
  • GSSAPI plugin: Provides SSO services via GSS interfaces.


Fewer identity silos, more productivity, more operational efficiency...
