HCL Informix V14.10

Configuring the HCL Informix® instance for SSO

Complete the following tasks for the server side of your system to enable SSO functionality with HCL Informix®:

Procedure

  1. Set SQLHOSTS information for SSO
  2. Set up the concsm.cfg file for SSO
  3. Ensure keytab file has the required key (UNIX and Linux)
  4. Verify Informix uses Kerberos authentication for SSO

What to do next

  • Set SQLHOSTS information for SSO
    This task configures the SQLHOSTS connectivity options so that your Informix® instance can support single sign-on.
  • Set up the concsm.cfg file for SSO
    You must specify credentials encryption libraries in the communications support module (CSM) configuration file to enable single sign-on (SSO). In addition, you can control whether SSO functions with Kerberos-defined confidentiality and integrity services.
  • Ensure keytab file has the required key (UNIX and Linux)
    Add the service principal key generated in the Key Distribution Center to the credentials information stored in the keytab file on the Informix® host computer, and then validate that all necessary credentials are stored in this file.
  • Verify Informix uses Kerberos authentication for SSO
    Before you set up the SQLHOSTS information and concsm.cfg file for the client computer in a single sign-on implementation, verify that your login service is correctly configured to use Kerberos authentication.