Security plug-in naming conventions

Security plug-in libraries must have a platform-specific file name extension. Security plug-in libraries written in C or C++ must have a platform-specific file name extension:

  • Windows: .dll
  • AIX®: .a or .so, and if both extensions exist, .a extension is used.
  • Linux® and HP IPF: .so
Note: Users can also develop security plug-ins with the Db2® Universal JDBC Driver.
For example, assume you have a security plug-in library called MyPlugin. For each supported operating system, the appropriate library file name follows:
  • Windows 32-bit: MyPlugin.dll
  • Windows 64-bit: MyPlugin64.dll
  • AIX 32 or 64-bit: MyPlugin.a or MyPlugin.so
  • SUN 32 or 64-bit, Linux 32 or 64 bit, HP 32 or 64 bit on IPF: MyPlugin.so
Note: The suffix "64" is only required on the library name for 64-bit Windows security plug-ins.
When you update the database manager configuration with the name of a security plug-in, use the full name of the library without the "64" suffix and omit both the file extension and any qualified path portion of the name. Regardless of the operating system, a security plug-in library called MyPlugin would be registered as follows:
UPDATE DBM CFG USING CLNT_PW_PLUGIN MyPlugin 

The security plug-in name is case sensitive, and must exactly match the library name. Db2 database systems use the value from the relevant database manager configuration parameter to assemble the library path, and then uses the library path to load the security plug-in library.

To avoid security plug-in name conflicts, you should name the plug-in using the authentication method used, and an identifying symbol of the firm that wrote the plug-in. For instance, if the company Foo, Inc. wrote a plug-in implementing the authentication method FOOsomemethod, the plug-in could have a name like FOOsomemethod.dll.

The maximum length of a plug-in name (not including the file extension and the "64" suffix) is limited to 32 bytes. There is no maximum number of plug-ins supported by the database server, but the maximum length of the comma-separated list of plug-ins in the database manager configuration is 255 bytes. Two defines located in the include file sqlenv.h identifies these two limits:
#define SQL_PLUGIN_NAME_SZ     32     /* plug-in name */
#define SQL_SRVCON_GSSPLUGIN_LIST_SZ 255 /* GSS API plug-in list */
The security plug-in library files must have the following file permissions:
  • Owned by the instance owner.
  • Readable by all users on the system.
  • Executable by all users on the system.