Appending the domain name to the username may be necessary to ensure that every logon name is unique across all domains for users that are authenticated externally. For example, without the domain name, joe in domain1 is indistinguishable from joe in domain2.
You can configure the database to append the domain name for external authentication for mechanisms that provide domain information, including the following:
To check on whether the Append Domain Name feature is already set up, do the following:
- Query the Append Domain Name value of the Gateway Control GDO -d option to determine what name the system uses to identify the user.
- If Append Domain is set to no, the system uses the username contained in the logon.
- If Append Domain is set to yes, the name the system uses depends on the mechanism:
- If the mechanism does not provide a domain name, the system uses username.
- If the mechanism provides a domain name, the system uses username@domain.
- To change the current value, toggle it with the -F option for the gtwcontrol command:
For further information about the gtwcontrol utility, see Utilities.
- The database accepts appended domain names only if the corresponding usernames are defined in the database as username@domain, for example, for user “joe” in domain “domain1”, you must define the user similarly to:
CREATE USER "joe@domain1" AS PERM=10000000, PASSWORD=pw1234; GRANT LOGON ON ALL TO "joe@domain" WITH NULL PASSWORD;