Microsoft KB Archive/916183

= An update is available that lets OLE DB Provider for DB2 1.0 support a connection to an IBM DB2 computer that is configured to use the KRB_SERVER_ENCRYPT authentication type or the SERVER_ENCRYPT authentication type =

Article ID: 916183

Article Last Modified on 8/1/2007

-

APPLIES TO


 * Microsoft OLE DB Provider for DB2

-



INTRODUCTION
Microsoft OLE DB Provider for DB2 1.0 is included with the Microsoft SQL Server 2005 Feature Pack. OLE DB Provider for DB2 1.0 supports a connection to an IBM DB2 computer that is configured to use the SERVER authentication type.

Microsoft Knowledge Base article 909612 describes an update that lets OLE DB Provider for DB2 1.0 support a connection to an IBM DB2 computer that is configured to use the KERBEROS authentication type or the KRB_SERVER_ENCRYPT authentication type. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

909612 OLE DB Provider for DB2 1.0 has been updated to support the KERBEROS and KRB_SERVER_ENCRYPT authentication types

Note The update that Knowledge Base article 909612 describes adds support for these authentication types only when OLE DB Provider for DB2 1.0 is configured to use the Kerberos protocol. If the IBM DB2 computer is configured to use the KRB_SERVER_ENCRYPT authentication type and if OLE DB Provider for DB2 1.0 is not configured to use the Kerberos protocol, the IBM DB2 computer tries to use an authentication type that is equivalent to the SERVER_ENCRYPT authentication type. However, OLE DB Provider for DB2 1.0 does not support the SERVER_ENCRYPT authentication type, and the connection fails.

This article describes an update that lets OLE DB Provider for DB2 1.0 support a connection to an IBM DB2 computer that is configured to use the KRB_SERVER_ENCRYPT authentication type or the SERVER_ENCRYPT authentication type.



Update information
A supported feature that modifies the product's default behavior is now available from Microsoft. However, it is intended to modify only the behavior that this article describes. Apply it only to systems that specifically require it. This feature may receive additional testing. Therefore, if the system is not severely affected by the lack of this feature, we recommend that you wait for the next OLE DB Provider for DB2 1.0 release that contains this feature.

To obtain this feature immediately, contact Microsoft Customer Support Services. For a complete list of Microsoft Customer Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

File information
The English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

64-bit versions
Note Because of file dependencies, the most recent update that contains these files may also contain additional files.



This update improves the update that Knowledge Base article 909612 describes. After you apply this update, OLE DB Provider for DB2 1.0 can connect to an IBM DB2 computer that is configured to use the KRB_SERVER_ENCRYPT authentication type or the SERVER_ENCRYPT authentication type. The SERVER_ENCRYPT authentication type lets you encrypt the passwords that you send over the network.

After you apply this update, you must configure OLE DB Provider for DB2 1.0 to support the KRB_SERVER_ENCRYPT authentication type or the SERVER_ENCRYPT authentication type. To do this, follow these steps:  Click Start, click All Programs, click Microsoft OLE DB Provider for DB2, and then click Data Access Tool. Create a new data source, or modify an existing data source. Click Next until you reach the Security page. In the Security method list, click Interactive sign-on, or click Kerberos.

Notes  If you click Interactive sign-on and if the Auth Encrypt property is set to True, OLE DB Provider for DB2 1.0 tries to use the SERVER_ENCRYPT authentication type. If you click Kerberos and if the Auth Encrypt property is set to True, OLE DB Provider for DB2 1.0 tries to use Kerberos authentication first. If Kerberos authentication fails, OLE DB Provider for DB2 1.0 tries to use the SERVER_ENCRYPT authentication type.</ul> </li> Save the changes that you made to the data source.</li> Exit the Data Access Tool.</li> Locate the universal data link (UDL) file. By default, the UDL file is in the following folder when you save the UDL file in the Data Access Tool:

C:\Documents and Settings\ \My Documents\Host Integration Projects\Data Sources

</li> To open the Data Link Properties dialog box, double-click the UDL file.

Note You must use the Data Link Properties dialog box to modify the UDL file because the Data Access Tool that is included with OLE DB Provider for DB2 1.0 has not been updated to expose the new Auth Encrypt property.</li> Click the All tab.</li> Double-click the Auth Encrypt property.</li> In the Property Value list, click True.</li> Click OK.</li> Double-click the User ID property, and then enter the user ID that you want to use for authentication on the IBM DB2 computer.</li> Click OK.</li> Double-click the Password property, and then enter a valid IBM DB2 password for the user ID that you specified in step 13.</li> Click OK.</li></ol>

Connection string
You must add the following properties to the connection string for OLE DB Provider for DB2 1.0. Auth Encrypt=True Principle Name=<PrincipleName> User ID=<UserID> Password=<Password> For example, the following connection string makes OLE DB Provider for DB2 1.0 use the SERVER_ENCRYPT authentication type if Kerberos authentication fails. ; Everything after this line is an OLE DB initialization string Provider=DB2OLEDB;Integrated Security=SSPI;Password=<Password>;Persist Security Info=True;User ID=<UserID>;Initial Catalog=<InitialCatalogName>;Defer Prepare=False;Auth Encrypt=True;Derive Parameters=False;Rowset Cache Size=0;APPC Security Type=Program;Network Transport Library=TCP;Host CCSID=37;PC Code Page=1252;Network Address=SYS1;Network Port=444;Package Collection=<UserID>;Default Schema=DB2USER1;DBMS Platform=DB2/AS400;Principle Name=<UserID>@<DomainName>.com;Process Binary as Character=False;Connection Pooling=False;Units of Work=RUW

<div class="references_section">