Microsoft KB Archive/909612

= OLE DB Provider for DB2 1.0 has been updated to support the KERBEROS and KRB_SERVER_ENCRYPT authentication types =

Article ID: 909612

Article Last Modified on 1/26/2007

-

APPLIES TO


 * Microsoft OLE DB Provider for DB2

-



INTRODUCTION
Microsoft OLE DB Provider for DB2 1.0 is included with the Microsoft SQL Server 2005 Feature Pack. OLE DB Provider for DB2 1.0 supports only the SERVER DB2 authentication type when OLE DB Provider for DB2 1.0 connects to an IBM DB2 database.

OLE DB Provider for DB2 1.0 cannot connect to an IBM DB2 database that is configured for one of the following DB2 authentication types:
 * SERVER_ENCRYPT
 * KERBEROS
 * KRB_SERVER_ENCRYPT



MORE INFORMATION
OLE DB Provider for DB2 1.0 has been updated to support connecting to IBM DB2 systems that are configured to use the KERBEROS and KRB_SERVER_ENCRYPT authentication types. After you apply this update, OLE DB Provider for DB2 1.0 can use the Kerberos security method when it connects to IBM DB2 databases that are configured for KERBEROS or KRB_SERVER_ENCRYPT authentication.

To configure OLE DB Provider for DB2 1.0 to use Kerberos authentication, follow these steps:
 * 1) Click Start, click All Programs, click Microsoft OLE DB Provider for DB2, and then click Data Access Tool.
 * 2) Create a new data source, or modify an existing data source.
 * 3) Click Next until you reach the Security dialog box.
 * 4) Click Kerberos in the Security method menu.
 * 5) Enter a valid principle name in the Principle name box.

Note The OLE DB Provider for DB2 1.0 will not connect to an IBM DB2 system that is configured to use KERBEROS and KRB_SERVER_ENCRYPT authentication types if the provider is not configured to use Kerberos. If the IBM DB2 system is configured to use KRB_SERVER_ENCRYPT authentication, and the OLE DB Provider for DB2 1.0 is not configured for Kerberos, IBM DB2 tries to use an authentication type that is equivalent to SERVER_ENCRYPT. However, the OLE DB Provider for DB2 1.0 does not support SERVER_ENCRYPT authentication. Therefore, the connection attempt will fail.

Connection String
The following properties must be added to the connection string for OLE DB Provider for DB2 1.0 to enable Kerberos authentication:
 * Integrated Security=SSPI
 * Principle Name=

The following is an example of a connection that is configured for Kerberos authentication. Provider=DB2OLEDB;Initial Catalog=IBMDB2;Network Transport Library=TCP;Host CCSID=1252;PC Code Page=1252;Network Address=IBMDB2DB;Network Port=446;Package Collection=NULLID;Process Binary as Character=False;Units of Work=RUW;DBMS Platform=DB2/6000;Defer Prepare=False;Principle Name=sqluser/test.domain.com@domain.com;Integrated Security=SSPI;Persist Security Info=False;Data Source=IBMDB2;Connection Pooling=True;Derive Parameters=False;

Update information
A supported feature that modifies the product's default behavior is now available from Microsoft, but it is only intended to modify the behavior that this article describes. Apply it only to systems that specifically require it. This feature may receive additional testing. Therefore, if the system is not severely affected by the lack of this feature, we recommend that you wait for the next OLE DB Provider for DB2 1.0 service pack that contains this feature.

To obtain this feature immediately, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

File information
The English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

x64-based version
Note Because of file dependencies, the most recent hotfix may also contain additional files. 