derby.authentication.provider The derby.authentication.provider property specifies the authentication provider for user authentication. derby.authentication.provider property Authentication providerspecifying

Legal values include:

  • NATIVE:credentialsDB

    NATIVE authentication using credentialsDB, a dedicated database, to store user credentials. This value must be set by using system-wide Java Virtual Machine (JVM) properties or by using the derby.properties file; it cannot be set in the database by using the SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY system procedure. When this system-wide value is set, credentialsDB is used to authenticate all operations. Individual databases can override this directive by specifying their own value for derby.authentication.provider.

    The value of credentialsDB must be a valid name for a database.

  • NATIVE:credentialsDB:LOCAL

    NATIVE authentication using credentialsDB for system-wide operations, but using an individual database's to authenticate connections to that database. This value must be set by using system-wide JVM properties or by using the derby.properties file; it cannot be set in the database by using the SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY procedure.

  • LDAP

    An external LDAP directory service.

  • A complete Java class name

    A user-defined class that provides user authentication.

For more information about these settings, see "Configuring NATIVE authentication" and "Configuring LDAP authentication" in the .

To enable any user authentication setting other than NATIVE, you must set the derby.connection.requireAuthentication property to true. If you specify NATIVE authentication, behaves as if the derby.connection.requireAuthentication and derby.database.sqlAuthorization properties were also set.

When using NATIVE authentication, you can also set the following related properties:

When using NATIVE authentication, the database owner calls the SYSCS_UTIL.SYSCS_CREATE_USER system procedure to create users, and can also call the following additional user management procedures:

  • SYSCS_UTIL.SYSCS_DROP_USER
  • SYSCS_UTIL.SYSCS_RESET_PASSWORD

When using NATIVE authentication, any user can call the SYSCS_UTIL.SYSCS_MODIFY_PASSWORD system procedure to change that user's password.

For more information about user authentication, see "Configuring user authentication" in the .

When using an external authentication service provider (LDAP), you must also set:

  • derby.authentication.server

When using LDAP, you can set other LDAP-specific properties. See also:

Alternatively, you can write your own class to provide a different external authentication service. This class must implement the public interface org.apache.derby.authentication.UserAuthenticator and throw exceptions of the type java.sql.SQLException where appropriate. Using a user-defined class makes adaptable to various naming and directory services. For example, the class could allow to hook up to an existing user authentication service that uses any of the standard directory and naming service providers to JNDI.

Syntax derby.authentication.provider={ NATIVE:credentialsDB | NATIVE:credentialsDB:LOCAL | LDAP | classProviderName }
Default

No authentication.

Example -- system-wide property derby.authentication.provider=NATIVE:MyCredsDB:LOCAL -- database-wide property CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY( 'derby.authentication.provider', 'LDAP')
Dynamic or static

Static. For system-wide properties, you must reboot for the change to take effect. For database-wide properties, you must reboot the database for the change to take effect.