This database manager configuration parameter is only active when the authentication parameter is set to CLIENT, which is not a recommended setting as discussed in the [authentication parameter section](#specify-a-secure-authentication-type-authentication). If the parameter is set to CLIENT, the user ID and password are not needed, but if they are provided, authentication will occur at the client. If the parameter is set to SERVER, the user ID and password are needed and will be authenticated at the server. The recommended value for this parameter is SERVER.

Rationale: If the server trusts the client to authenticate the connecting user, a malicious user can connect to the database as any user including a database administrator by simply creating that user on the client system.

Impact: It is important to be aware that the implementation of this recommendation results in a brief downtime. It is therefore advisable to ensure that the setting is implemented during an approved maintenance window.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution
Attach to the Db2 instance:

db2 => attach to <db2instance>

Run the following command:

db2 => update database manager configuration using trust_clntauth SERVER

Restart the Db2 instance:

db2 => db2stop
db2 => db2start
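
To confirm the value after the restart, the script below checks `db2 get dbm cfg` output for TRUST_CLNTAUTH and reports whether the setting is currently active. It is an added example, not part of the benchmark text; the helper names `dbm_cfg_value` and `check_trust_clntauth` are hypothetical and the sample configuration lines are constructed.

```shell
#!/bin/sh
# Added example: audit TRUST_CLNTAUTH from `db2 get dbm cfg` output.
# Helper names are hypothetical; they are not Db2 commands.

# Print the upper-cased value of one dbm cfg keyword read from stdin,
# matching lines such as "... (TRUST_CLNTAUTH) = SERVER".
dbm_cfg_value() {
    awk -v key="($1)" '
        index($0, key) {
            split($0, parts, "=")
            v = parts[2]
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            print toupper(v)
            exit
        }'
}

# Read dbm cfg output on stdin. Returns 0 on PASS, 1 on FAIL,
# 2 when the keyword is missing from the input.
check_trust_clntauth() {
    cfg=$(cat)
    auth=$(printf '%s\n' "$cfg" | dbm_cfg_value AUTHENTICATION)
    trust=$(printf '%s\n' "$cfg" | dbm_cfg_value TRUST_CLNTAUTH)
    auth=${auth:-unknown}
    if [ -z "$trust" ]; then
        echo "ERROR: TRUST_CLNTAUTH not found in input"
        return 2
    fi
    if [ "$trust" != "SERVER" ]; then
        if [ "$auth" = "CLIENT" ]; then
            echo "FAIL: TRUST_CLNTAUTH=$trust and AUTHENTICATION=CLIENT (setting is active)"
        else
            echo "FAIL: TRUST_CLNTAUTH=$trust (takes effect only if AUTHENTICATION is CLIENT; currently $auth)"
        fi
        return 1
    fi
    echo "PASS: TRUST_CLNTAUTH=SERVER (AUTHENTICATION=$auth)"
}

# Constructed sample lines in the layout printed by `db2 get dbm cfg`.
SAMPLE_BAD=' Database manager authentication        (AUTHENTICATION) = CLIENT
 Trusted client authentication          (TRUST_CLNTAUTH) = CLIENT'
SAMPLE_GOOD=' Database manager authentication        (AUTHENTICATION) = SERVER_ENCRYPT
 Trusted client authentication          (TRUST_CLNTAUTH) = SERVER'

printf '%s\n' "$SAMPLE_BAD"  | check_trust_clntauth || true
printf '%s\n' "$SAMPLE_GOOD" | check_trust_clntauth
```

On a live instance, pipe the real output into the check: `db2 get dbm cfg | check_trust_clntauth`.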