It is a question for learning only. it is not a real time scenario.
I have set DBM CFG authentication CLIENT.
So the user name and password verification happens on the client os.
But the Group Retrieval happens on the Server side.
if I grant ACCESSCTRL to group DUMMY on the database server.
Now I connect to DB from client, different machine, with user name jimmy who is in group dummy in the client os.
the database server OS will not have group dummy at all.
I am able to connect, but with no ACCESSCTRL authority. you can verify it with application snapshot output.
So I go and create group dummy in the DB server OS and also add a user kimmy.
Now I connect to DB from server, with user name kimmy who is in group dummy in the server OS.
It works. I am able to connect, with ACCESSCTRL authority. You can verify it with application snapshot output.
So this confirms that GROUP retrieval happens in Server Side
How to fix it? Is it how it is?
I am not looking for a plugin to be configured at the client side.
If client can do authentication then why not group retrieval too?
Reading KC doc, definitely talks about group_plugin can be
configured at the client side,
which means that Group Association can be done at the client side itself.
I did also configure group_file.c - samples group plugin available in DB2 install samples directory.
I can only observe, that it is not referring to this plugin at all for group associations of a user.
If group retrieval happens only on server, why there is a provision for group_plugin in client side?