securityMechanism IBM data server driver configuration keyword (for the IBM Data Server Driver for JDBC and SQLJ)

The securityMechanism data server driver keyword specifies the DRDA security mechanism that is used for a JDBC connection to a data server.

Attention: This keyword is available in Db2® 11.5.8 and later versions.
Equivalent IBM® Data Server Driver for JDBC and SQLJ property
securityMechanism
IBM data server driver configuration file (db2dsdriver.cfg) syntax
<parameter name="securityMechanism" value="integer"/>

integer is one of the following values: 3, 4, 7, 9, 11, 12, 13, 14, 15, 16, 18, or 19.

Default setting:
The securityMechanism value is provided by IBM Data Server Driver for JDBC and SQLJ configuration property db2.jcc.securityMechanism, if db2.jcc.securityMechanism is set. Otherwise, the default value is one of two values:
  • 3 (clear text password security) for Db2 11.5.8 and earlier instances.
  • 9 (encrypted user and password security) for Db2 11.5.9 and later.
Usage notes:
Important:
Starting with version 4.33 ( 11.5.9) of the IBM Data Server Driver for JDBC and SQLJ:
  • The default security mechanism is encrypted user ID and password security (9). If the data server does not support encrypted user ID and password security (9), but supports clear text password security (3), the driver changes the security mechanism to clear text password security (3) and attempts to connect to the data server.
    When the driver retries the connection using clear text password security (3), performance might be degraded. To minimize the performance impact, take one of the following actions:
    • Explicitly set the security mechanism to clear text password security (3) on the client side.
    • Change the data server setting to support encrypted user ID and password security.

    Any mismatch in security mechanism support between the requester and the data server other than clear text password security (3) and encrypted user ID and password security (9) results in an error.

  • A connection to a Db2 for z/OS subsystem or data sharing group that uses the default security mechanism of encrypted user ID and password security (9) and AES encryption is successful only if the z/OS Integrated Cryptographic Service Facility (ICSF) is enabled on the z/OS system where each subsystem or data sharing member is installed. ICSF is required for decrypting the user ID and password. If ICSF is not installed, you need to set the security mechanism to clear text password security (3).

Before version 4.33 (11.5.9) of the IBM Data Server Driver for JDBC and SQLJ, the default security mechanism is clear text password security (3). If the data server does not support clear text password security (3), but supports encrypted user ID and password security (9), the driver changes the security mechanism to encrypted user ID and password security (9) and attempts to connect to the data server. Any other mismatch in security mechanism support between the requester and the data server results in an error.

Restriction: IBM Informix® data servers do not support encrypted user ID and password security (securityMechanism value 9). For connections to IBM Informix data servers, set the securityMechanism value to 3 (clear text password security).
For additional information on each of the securityMechanism settings, see the description of securityMechanism in Common IBM Data Server Driver for JDBC and SQLJ properties for all supported database products.