Im trying to locate user password hashes in Db2 v12 z/OS. I think in previous versions this was located in the SYSIBM.USERNAMES table - but not this time. Any clue?
Asked
Active
Viewed 259 times
0
-
1Db2 delegates exernally for such matters. For example to RACF or other tools. – mao Oct 14 '21 at 12:34
-
Got it, thank you. This sheds some light on my case. – Radek Radek Oct 14 '21 at 16:16
2 Answers
1
For incoming connection requests, Db2 delegates authentication to external tools. For Db2-on-z/OS, such external tools can be site specific, but many sites use RACF.
Keep in mind that the Db2-for-z/OS subsystem might also be configured for certificate authentication, or other methods, instead of passwords.
For these reasons, you should examine your assumptions, in addition your true motivation.
0
Security is a complex topic and is dependent on whether these are inbound or outbound requests. The SYSIBM.USERNAMES table can be used for inbound or outbound requests but as previously noted external security managers like RACF, Top Secret and ACF2 could be used. Access to these ESMs would be through the SAF interfaces on z/OS.
If you are interested in an anchor point to get you to other sections for your specific use case I would start here
About the PASSWORD column in SYSIBM.USERNAMES table
Password to accompany an outbound request, if passwords are not encrypted by RACF®. If passwords are encrypted, or the row is for inbound requests, the column is not used.PASSWORD can be stored as encrypted data by calling the DSNLEUSR stored procedure. To send the encrypted value of PASSWORD across a network, one of the encryption security options in the SYSIBM.IPNAMES table should be specified.
Note that security can also include the originating node as well as other information beyond the username. The question is fairly general in nature so providing a more specific answer is not possible.
Hogstrom
- 3,581
- 2
- 9
- 25