Yes, we are still working on Kerberos support for DB2 on AIX. Perhaps we
can ship this next year. No promises, however.

Tom Remmers wrote:
> CLIENT authentication is attractive for single-signon on batch jobs w/o hard
> coded passwords from remote computers, however I wonder about the security
> implications. Even if TRUST_ ALLCLNTS = NO, if the remote user does not
> specify a password, they can authenticate. That's not a problem when then
> client connects from within our organization, but doesn't that still leave a
> huge gaping security hole? Can't a hacker install a DB2 client on their own
> iSeries computer, and just knowing the instance name (and maybe port number)
> on my system authenticate and connect to my database? Client authentication
> takes place on the hacker system totally beyond any control. Am I missing
> something?
>
> It would be great if IBM extended Kerberos auth to AIX at least, providing
> remote connection without passwords while preventing authentication from
> anywhere on the internet.
>
> Thanks,
>
> Tom Remmers
> Software Engineer
> University of Washington
>
>