With NATIVE authentication, a database can become a credentials
database in any of several ways.
- When the database is being created, it is identified as the credentials
database by the system-level property setting
derby.authentication.provider=NATIVE:credentialsDB.
- When the database is being created, LOCAL authentication of connections is
specified by the system-level property setting
derby.authentication.provider=NATIVE:credentialsDB:LOCAL.
- When the database already exists, the
Database Owner calls the
SYSCS_UTIL.SYSCS_CREATE_USER system procedure to store the
Database Owner's credentials in the database. If the Database Owner calls this
procedure to store another user's credentials first, an error is raised.
When a database becomes a credentials database, the following things
happen:
- The value of derby.authentication.provider=NATIVE::LOCAL
is stored in the database, marking it as a credentials database.
- From this point forward, the value of
derby.authentication.provider cannot be overridden or changed
for connections to this database.
- If the database is being newly created, the Database Owner's credentials
(provided in the connection arguments) are stored in the database's SYSUSERS
system table.
- All future connections to the database are authenticated against the
credentials in its SYSUSERS system table.