Previous Topic Next topic Print topic


Trusting

Restriction: This topic applies to Windows environments only.

Without trusting, any time a login request is received by an XDB Server, the AuthID and password must be verified. Trusting (available only in conjunction with inbound mapping) allows an XDB Server to bypass verifying the password with SYSXDB.SYSACFUSERS each time a request is received via server-to-server connectivity. The remote server receives a request that references either a location controlled by the remote server (using three-part names) or the server itself (using CONNECT). If no password is sent to the remote XDB Server, SYSIBM.SYSLUNAMES is checked to ensure that the request from the primary server is already verified and a password is not needed.

The SYSIBM.SYSLUNAMES table is also checked to determine if inbound mapping is being used. If inbound mapping is being used the presence of a password is again checked. If a password was sent, the AuthID and password are verified with SYSXDB.SYSACFUSERS. If no password is included, then the AuthID is not verified because the information from that primary server can be trusted. Then, SYSIBM.SYSUSERNAMES is checked and the AuthID is mapped. Finally, privileges are checked and the query is processed.

If inbound mapping is not being used, the AuthID and password are verified with SYSXDB.SYSACFUSERS. Privileges are then checked and the query is processed.

Trusting can only been performed in conjunction with inbound mapping on a remote server. The remote server will be changing any AuthIDs received from a particular server. The AuthIDs to be mapped can be maintained in SYSXDB.SYSUSERNAMES.

Previous Topic Next topic Print topic