5.6 Database Manager Configuration Parameter: FED_NOAUTH

Information

The FED_NOAUTH database manager configuration parameter determines whether federated authentication will be bypassed at the instance. When FED_NOAUTH is set to YES, the AUTHENTICATION parameter is set to SERVER or SERVER_ENCRYPT, and the FEDERATED parameter is set to YES, authentication at the instance is bypassed and is instead assumed to be performed at the data source.

It is recommended to set this parameter to NO.

Rationale:

Setting FED_NOAUTH to NO will ensure that authentication is not bypassed for any users that are connecting to the instance.

Impact:

It is important to be aware that the implementation of this recommendation results in a brief downtime. It is therefore advisable to ensure that the setting is implemented during an approved maintenance window.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Attach to the Db2 instance:

db2 => attach to <db2instance>

Run the following command:

db2 => update database manager configuration using fed_noauth no

Restart the Db2 instance.

db2 => db2stop
db2 => db2start
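
To verify the result after the restart, the following added example (not part of the benchmark or of Nessus) classifies the three parameters named above from the text of `db2 get dbm cfg`. The function names and status labels are hypothetical, the sample lines are constructed, and the script assumes each parameter appears as `(KEYWORD) = value` in that output.

```shell
#!/bin/sh
# Added example: classify FED_NOAUTH exposure from `db2 get dbm cfg` text on stdin.
# Assumption: each parameter is printed as "... (KEYWORD) = VALUE".

# Print the upper-cased value of one keyword found in the config text.
# $1 = keyword (e.g. FED_NOAUTH), $2 = full config text
dbm_cfg_value() {
    printf '%s\n' "$2" | awk -v key="($1)" '
        index($0, key " =") {
            sub(/^.*= */, "")        # drop everything up to the value
            sub(/[ \t\r]+$/, "")     # drop trailing whitespace
            print toupper($0)
            exit
        }'
}

# Read config text on stdin and print one status label (hypothetical names):
#   PASS                FED_NOAUTH is NO
#   FAIL_BYPASS_ACTIVE  all three conditions for the bypass are met
#   FAIL_BYPASS_LATENT  FED_NOAUTH is YES but the other conditions are not met
#   UNKNOWN             FED_NOAUTH was not found in the input
fed_noauth_status() {
    cfg=$(cat)
    noauth=$(dbm_cfg_value FED_NOAUTH "$cfg")
    auth=$(dbm_cfg_value AUTHENTICATION "$cfg")
    fed=$(dbm_cfg_value FEDERATED "$cfg")

    if [ -z "$noauth" ]; then echo "UNKNOWN"; return 2; fi
    if [ "$noauth" = "NO" ]; then echo "PASS"; return 0; fi
    case "$auth" in
        SERVER|SERVER_ENCRYPT)
            if [ "$fed" = "YES" ]; then
                echo "FAIL_BYPASS_ACTIVE"; return 1
            fi ;;
    esac
    echo "FAIL_BYPASS_LATENT"; return 1
}

# Constructed sample input, not captured from a real instance.
SAMPLE_CFG=' Database manager authentication        (AUTHENTICATION) = SERVER_ENCRYPT
 Bypass federated authentication            (FED_NOAUTH) = YES
 Federated Database System Support           (FEDERATED) = YES'

printf '%s\n' "$SAMPLE_CFG" | fed_noauth_status || true
```

On a live system, pipe the output of `db2 get dbm cfg` into `fed_noauth_status`; a non-zero exit code means the setting still needs remediation or could not be read.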

See Also

https://workbench.cisecurity.org/benchmarks/10752

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2(1), CSCv7|16.2

Plugin: Unix

Control ID: bee182504ca37fd4834c7c0d25c749197d6b3d8585baac3f0ca82e2e735be607