If you are using IBM® Data Server Driver for JDBC and SQLJ type 4 connectivity, and you set the retryWithAlternativeSecurityMechanism to com.ibm.db2.jcc.DB2BaseDataSource.YES (1), and the original security mechanism for a connection fails, the driver retries the connection with the most secure alternative security mechanism.
The following table lists the IBM Data Server Driver for JDBC and SQLJ security mechanisms, and the alternative security mechanisms that are used when the original connection has an authorization failure.
Server authentication type | IBM Data Server Driver for JDBC and SQLJ authentication type for the original connection | IBM Data Server Driver for JDBC and SQLJ authentication type for retrying the connection |
---|---|---|
CLIENT |
|
USER_ONLY_SECURITY |
USER_ONLY_SECURITY | None. USER_ONLY_SECURITY does not fail on the original connection. | |
SERVER |
|
CLEAR_TEXT_PASSWORD_SECURITY |
CLEAR_TEXT_PASSWORD_SECURITY | None. CLEAR_TEXT_PASSWORD_SECURITY does not fail on the original connection. | |
SERVER_ENCRYPT for DB2® for Linux, UNIX, and Windows Version 8 Fix Pack 9 or earlier |
|
ENCRYPTED_USER_AND_PASSWORD_SECURITY |
|
None. ENCRYPTED_PASSWORD_SECURITY and ENCRYPTED_USER_AND_PASSWORD_SECURITY do not fail on the original connection. | |
SERVER_ENCRYPT for DB2 for Linux, UNIX, and Windows Version 8 Fix Pack 10 or later |
|
ENCRYPTED_USER_AND_PASSWORD_SECURITY |
|
None. CLEAR_TEXT_PASSWORD_SECURITY, ENCRYPTED_PASSWORD_SECURITY, and ENCRYPTED_USER_AND_PASSWORD_SECURITY do not fail on the original connection. | |
DATA_ENCRYPT |
|
ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY |
ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY | None. ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY does not fail on the original connection. | |
KERBEROS |
|
KERBEROS_SECURITY |
KERBEROS_SECURITY | None. KERBEROS_SECURITY does not fail on the original connection. | |
GSSPLUGIN |
|
PLUGIN_SECURITY |
PLUGIN_SECURITY | None. PLUGIN_SECURITY does not fail on the original connection. | |
KRB_SERVER_ENCRYPT |
|
KERBEROS_SECURITY |
|
None. CLEAR_TEXT_PASSWORD_SECURITY, ENCRYPTED_PASSWORD_SECURITY, ENCRYPTED_USER_AND_PASSWORD_SECURITY, KERBEROS_SECURITY, and PLUGIN_SECURITY do not fail on the original connection. | |
GSS_SERVER_ENCRYPT |
|
KERBEROS_SECURITY |
|
None. CLEAR_TEXT_PASSWORD_SECURITY, ENCRYPTED_PASSWORD_SECURITY, ENCRYPTED_USER_AND_PASSWORD_SECURITY, KERBEROS_SECURITY, and PLUGIN_SECURITY do not fail on the original connection. |