Specifying User Credentials for Kerberos Authentication (Delegation of Credentials)
By default, when Kerberos authentication is used, the DB2 driver takes advantage of the user name and password maintained by the operating system to authenticate users to the database. By allowing the database to share the user name and password used for the operating system, users with a valid operating system account can log into the database without supplying a user name and password.
Many application servers or Web servers act on behalf of the client user logged on the machine on which the application is running, rather than the server user. If you want the driver to use user credentials other than the server user’s operating system credentials, include code in your application to obtain and pass a javax.security.auth.Subject used for authentication as shown in the following example.
// The following code creates a javax.security.auth.Subject instance // used for authentication. Refer to the Java Authentication // and Authorization Service documentation for details on using a // LoginContext to obtain a Subject.