3.1.11 Authenticate federated users at the instance level

Information

The fed_noauth parameter determines whether federated authentication will be bypassed at the instance. It is recommended that this parameter be set to no.

Setting fed_noauth to no will ensure that authentication is checked at the instance level. This will prevent any federated authentication from bypassing the client and the server.

Solution

1. Attach to the DB2 instance.
db2 => attach to $DB2INSTANCE
2. Run the following command from the DB2 command window:
db2 => update database manager configuration using fed_noauth no
Default Value:
The default value for FED_NOAUTH is NO.

See Also

https://workbench.cisecurity.org/files/1654

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3

Plugin: IBM_DB2DB

Control ID: 76f3878ab4d8a373f12928e49d2e0564cba752102127a2be87dfe10513792965