SECCHK packet

The SECCHK packet is sent by the client as part of the authentication protocol. Its format depends on the type of authentication in use.

Properties

• RDBNAM (string): the name of the database that is being connected to

• SECMEC (int): the code for the authentication mechanism being used. See ACCSECRD for the meaning of the code.

When the standard user ID/password authentication mechanism (SECMEC == 3) is in use, this packet will have the following properties:

• USRID (string): the name of the database user that is attempting to log in

• PASSWORD (string): the database user's password

If a different authentication mechanism is being used (SECMEC !== 3), then USRID and PASSWORD will be null.

Example

You could modify the contents of this packet in a JavaScript request filter with parameter Packet Types set to SECCHK and the code:

const pkt = context.packet;

if (pkt.SECMEC !== 3) {

    log.info("Authentication mechanism is not user ID/password, returning...");

    return;

}

if (pkt.USRID === 'DB2INST1') {

    if (pkt.PASSWORD !== 'Password1') {

        log.info("Correcting password for DB2INST1...");

        pkt.PASSWORD = 'Password1';

    }

    else {

        log.info("Password is correct");

    }

}

Remember that this would only work when using the standard user id/password authentication mechanism to DB2. Other authentication mechanisms, such as Kerberos, may not even use this type of packet.