The error messages given for an authorization failure is SQ30082.
Authorization failure on distributed database connection attempt.
The cause section of the message gives a reason code and a list of meanings for the possible reason codes. Reason code 17 means that there was an unsupported security mechanism (SECMEC).
DB2 Universal Database™ for iSeries™ implements several Distributed Relational Database Architecture™ (DRDA®) SEMECs that an iSeries application requester (AR) can use:
The encrypted password is sent only if a password is available at the time the connection is initiated.
The default SECMEC for an iSeries server requires user IDs with passwords. If the application requester sends a user ID with no password to a server, with the default security configuration, error message SQ30082 with reason code 17 is given.
The DDM TCP/IP server's authentication setting can be changed either using the Change DDM TCP/IP Attributes (CHGDDMTCPA) command or by using Operations Navigator's .
You can send a password by either using the USER/USING form of the SQL CONNECT statement, or by using the Add Server Authentication Entry (ADDSVRAUTE) command to add the remote user ID and the password in a server authorization entry for the user profile under which the connection attempt is made. In V4R5 and later systems, an attempt is automatically made to send the password encrypted. Note that pre-V4R5 iSeries servers cannot send encrypted passwords, nor can they decrypt encrypted passwords of the type sent by V4R5 iSeries ARs.
Note that you have to have system value QRETSVRSEC (retain server security data) set to '1' to be able to store the remote password in the server authorization entry.