Changing the Encryption Key DB2DB6EKEY

The environment variable DB2DB6EKEY contains the key used to encrypt the passwords for <sapsid>admand the ABAP database connect user that are stored in file dscdb6.conf. For all SAP application servers that use the same dscdb6.conf file to connect to the database, you must set DB2DB6EKEY to the same string value in the environment of the <sapsid>admuser. The same  value should be set in the environment of user db2<dbsid> on the database server. In addition, you should protect file dscdb6.conf from unauthorized access.

The SAP profiles .dbenv_<hostname>.csh and .dbenv_<hostname>.sh contain the DB2DB6EKEY value. Both files must contain the same string value for DB2DB6EKEY.

To change variable DB2DB6EKEY, you must edit both files even if you only use the C-shell as login shell. This environment variable is set when <sapsid>adm or db2<dbsid> logs on. To activate your changes, log off and log on again as the same user who performed the changes.

Note the following:

·   You can change DB2DB6EKEY at any time when your SAP system is stopped.

·   You must regenerate the password file immediately after having altered DB2DB6EKEY. To do so, enter the following command:
dscdb6up –create <connect user pwd> <sapsid_adm pwd>

See also:

For more information, see the documentation Database Administration Guide: SAP on IBM DB2 Universal Database for UNIX and Windows that is available in SAP Service Marketplace at   ®  Operations.