DirectControl for DB2 5.8.0 Release Notes
© 2004-2021 Centrify Corporation.
This software is protected by international copyright laws.
All Rights Reserved.
Table of Contents
Centrify Authentication Service provides secure access control and centralized identity management by seamlessly integrating UNIX and Linux computers with Microsoft Active Directory.
DirectControl for DB2 extends Centrify Authentication Service to DB2 database instances. This solution allows you to use Microsoft Active Directory as the centralized authentication and access control data store in a heterogeneous environment containing Windows and UNIX computers, as well as DB2 relational database management systems.
Documentation, Authentication Guide for IBM DB2 (centrify-db2-guide.pdf), is available online to guide customers through the setup and configuration of DirectControl for DB2 in both new and existing environments.
The latest copies of this release notes as well as the above-mentioned documentation are available online at http://docs.centrify.com.
Centrify software is protected by U.S. Patents 7,591,005; 8,024,360; 8,321,523; 9,015,103; 9,112,846; 9,197,670; 9,378,391 and 9,442,962. (Ref: CS-44575)
The DirectControl for DB2 bundle package contains the following resources:
· DirectControl for DB2 software package (e.g., rpm, or deb file)
· DirectControl for DB2 Release Notes (DirectControl-for-DB2-Release-Notes.html – this release notes)
The DirectControl for DB2 bundle package is available on the following OS/platforms in this release:
· IBM AIX on PPC
· Oracle Solaris on SPARC
· Red Hat Enterprise Linux on x86_64
· Red Hat Enterprise Linux on S390
· SUSE Linux Enterprise Server on x86_64
· SUSE Linux Enterprise Server on S390
This release supports IBM DB2 v10.5, v11.1 and v11.5. Note: we will support v10.5 for one more release as IBM has extended their support.
For the OS versions that a particular DirectControl for DB2 bundle package supports, please refer to the supported OS versions of the matching DirectControl agent package of the corresponding Centrify Authentication Service release. Similarly, DirectControl for DB2 also follows Centrify DirectControl’s schedule for End-of-Support platforms and hence please refer to the announcements there.
· This release supports IPS migration of DirectControl for DB2 on Solaris 11. (Ref: DB-181)
· DirectControl for DB2 now supports Red Hat Enterprise Linux on S390 and SUSE Linux Enterprise Server on S390. (Ref: DB-160)
· Added a new option "check" for setupdb2.sh script. This option can be used to check the plugins compatibility before or after installing the DB2 plugins. (Ref: DB-141)
· This release of DirectControl for DB2 works with Centrify Server Suite 2020 or above.
Note: It does not work with previous Centrify Server Suite releases, and previous versions of DirectControl for DB2 do not work with Centrify Server Suite 2020 or above, because of the underlying Kerberos library changes.
· This release of DirectControl for DB2 works with Centrify Server Suite Release 2020. Note: It does not work with previous Centrify Server Suite releases, and previous versions of DirectControl for DB2 do not work with Centrify Server Suite 2020 either, because of the underlying library changes. (Ref: DB-164)
· This release now supports Oracle Solaris IPS package. (Ref: DB-163)
Note: On Solaris 11, all Centrify packages must be in the same format: either SVR4, or IPS, so that they can be migrated only altogether.
Currently CDC-db2 and CDC-adbindproxy packages cannot be migrated directly from SVR4 to IPS format and hence here is the suggested scenario: (Ref: CS-49180)
· Backup configuration files and uninstall CDC-db2 and/or CDC-adbindproxy SVR4 package(s);
· Migrate all other Centrify packages from SVR4 to IPS;
· Re-install and re-configure CDC-db2 and/or CDC-adbindproxy IPS packages.
· This release now supports IBM DB2 v11.5. (Ref: DB-161)
· This release is the last release that supports IBM DB2 v10.5, v11.1.
· Starting this release, IBM DB2 v10.1 is no longer supported.
· This release does not support 32-bit for all Linux platforms.
· This release is bundled with an installation script "install.sh" which contains a fix to make sure the DirectControl 5.7.0+ is installed before installing the DB2 plugins 5.8.0. (Ref: DB-179)
· For DB2 group plugin, increased the default buffer size to 16384 so that it can handle long lines (around 8192 chars) in the /etc/group file. (Ref: DB-177)
· Fixed a problem in loading the DB2 plugins due to missing libnsl.so.1 (the db2start command fails on recent Linux releases, e.g., RHEL8, after the plugins are installed). The DB2 plugins no longer require libnsl. (Ref: DB-161)
· Fixed a problem that the DB2 user/password plug-in returns reason code 15 "PROCESSING FAILURE" when a local user entered incorrect username or password. The plug-in now will return reason code 24 "USERNAME AND/OR PASSWORD INVALID" in this case. (Ref: DB-159)
· Fixed a problem that on platforms other than AIX, the setupdb2.sh could not complete the setup if the login shell of the instance owner is ksh. (DB-158)
First read the centrify-db2-guide.pdf that is included in this package to get familiar with how to use this feature, and the installation, upgrade, configuration, and verification procedures.
The following sections describe known issues or limitations associated with this release.
· The DB2 username/password plug-in cannot authenticate any user when the machine is not joined to a zone or DirectControl agent is not running.
The DB2 username/password plug-in uses a new way to authenticate local user, and this relies on the DirectControl agent. Therefore, if the machine is not joined or DirectControl agent is not running, the DB2 username/password does not work. (Ref: 64711).
· The single sign on can only work with Active Directory users.
If you have an Active Directory user and local user with the same username and AIX is configured to use LAM, you may not be able to log in as an Active Directory user. If the user is not logged in as the Active Directory user, the DB2 GSSAPI plug-in for single sign on does not work. The DB2 GSSAPI plug-in only works with Active Directory user accounts. To ensure that single sign on always works, rename, or remove the local user account.
· Install error when SELinux enabled – You may receive an error during installation of the Centrify DB2 package if you have SELinux enabled during installation. This may be avoided by one of the following two workarounds:
1. Temporarily disable SELinux. To disable SELinux, modify the /etc/selinux/config file as follows:
2. Change the file context on the appropriate library:
chcon -t textrel_shlib_t /home/release/335_ESE_LNXAMD26_64_NLV/db2/linux26/install/libimf.so
In addition to the documentation provided for this package, you can find the answers to common questions and information about any general or platform-specific known limitations as well as tips and suggestions from the Centrify Knowledge Base.
The Centrify Resources web site provides access to a wide range of information including analyst report, best practice brief, case study, datasheet, ebook, white papers, etc., that may help you optimize your use of Centrify products. For more information, see the Centrify Resources web site:
You can also contact Centrify Support directly with your questions through the Centrify Web site, by email, or by telephone. To contact Centrify Support or to get help with installing or using this version of Centrify Samba, send email to firstname.lastname@example.org or call 1-669-444-5200, option 2. For information about purchasing or evaluating Centrify products, send email to email@example.com.