|
Assigns an alternate login name and password to be used when communicating with a remote server.
CREATE EXTERNLOGIN login-name TO remote-server [ REMOTE LOGIN remote-user [ IDENTIFIED BY remote-password ] ]
CREATE EXTERNLOGIN USER string | variable SERVER string | variable [ REMOTE USER string | variable [ IDENTIFIED BY string | variable ] ]
CREATE EXTERNLOGIN login-name TO remote-server
CREATE EXTERNLOGIN USER string | variable SERVER string | variable
Specifies the database user name. For remote servers, when using integrated logins, the user-name is the database user to which the Windows user or group is mapped. This value can be a string or a variable.
Specify the name of the remote server or the directory access server.
The REMOTE USER clause specifies the user account on the remote server for the database user name. Values for the REMOTE USER clause are restricted to 128 bytes.
Specify the remote password for the remote user. The remote user and remote password combination must be valid on the remote server. The This clause applies only to remote servers, not to directory access servers.
If you omit the IDENTIFIED BY clause, then the password is sent to the remote server as NULL. However, if you specify IDENTIFIED BY "" (an empty string), then the password sent is the empty string.
CREATE EXTERNLOGIN assigns an alternate login name and password to be used when communicating with a remote server.
Connections to a remote server are first attempted using the current executing user's external login. If this user does not have an external login, then the connection is attempted using the DEFAULT LOGIN credentials. If the remote server was created without a DEFAULT LOGIN, and no external login has been defined for the user, then the connection is attempted with the current executing user's ID and password.
The REMOTE LOGIN clause is required only when the remote server requires a user ID and password for the connection. Having an external login without a remote login allows the DBA to control who can access the remote server and tells the remote access layer that logging in to the remote server does not require a user ID and password.
The password is stored internally in encrypted form. The remote-server must be known to the local server by an entry in the ISYSSERVER table.
Sites with automatic password expiration should plan for periodic updates of passwords for external logins.
CREATE EXTERNLOGIN cannot be used from within a transaction.
If you use this statement in a procedure, do not specify the password (IDENTIFIED BY clause) as a string literal because the definition of the procedure is visible in the SYSPROCEDURE system view. For security purposes, specify the password using a variable that is declared outside of the procedure definition.
By default, database users must have external logins to access the directory access server. However, you can configure the directory access server to remove this requirement by creating a default external login that all users can use.
CREATE EXTERNLOGIN assigns an external login to be used when accessing a directory access server.
CREATE EXTERNLOGIN cannot be used from within a transaction.
You must have the MANAGE ANY USER system privilege.
Automatic commit.
Not in the standard.
This fictitious example maps a local user, DBA, to user sa with password Plankton when connecting to the server server1.
CREATE EXTERNLOGIN DBA TO server1 REMOTE LOGIN sa IDENTIFIED BY Plankton;