sunches,

Какую задачу вы пытаетесь решить?

Насколько я знаю, не получится подключиться к DB2 for z/OS в режиме AUTHENTICATION=CLIENT.
При попытке подключения в таком режиме будет выдано сообщение:
DB2CMDSQL30082N Security processing failed with reason "17" ("UNSUPPORTED FUNCTION"). SQLSTATE=08001При этом, из DB2 for z/OS можно подключиться к DB2 for MultiPlatforms в режиме AUTHENTICATION=CLIENT.
В целом режим AUTHENTICATION=CLIENT не является рекомендуемым, т.к. это потенциальная "дыра" в безопасности.

Если нужен Single SignOn, ИМХО нужно смотреть в сторону Kerberos.

sunches,

Ответ на вопрос - значение параметра TCPALVER в модуле параметров подсистемы.
DB2 V10 : TCP/IP ALREADY VERIFIED field (TCPALVER subsystem parameter)

Однако память меня подводит, можно (по документации) и CLIENT выставить.
TCPALVERThe TCPALVER subsystem parameter specifies whether DB2® is to accept TCP/IP connection requests that contain only a user ID (no password, RACF® PassTicket, or Kerberos ticket). Or, this parameter specifies if a stronger form of security is required. This parameter is not relevant to trusted context users that have been switched.
Acceptable values: YES, CLIENT, NO, SERVER, SERVER_ENCRYPT
Default: NO (SERVER)
Update: option 32 on panel DSNTIPB
DSNZPxxx: DSN6FAC TCPALVER
Security parameter: Yes

YES
A new connection is accepted with a user ID only.
CLIENT
This value can be used as an alternative to YES.
NO
A user ID and password are required for connection requests, or the connection must be authenticated by a RACF PassTicket or Kerberos ticket. The user ID and password can be encrypted or non-encrypted.
SERVER
This value can be used as an alternative to NO.
SERVER_ENCRYPT
A user ID and password are required for connection requests. Kerberos tickets are also accepted. In addition, one of the following must be true:

The user ID and password is AES (Advanced Encryption Standard)-encrypted.
The connection is accepted on a port that ensures AT-TLS (Application Transparent - Transport Layer Security) policy protection, such as a DB2 security port (SECPORT).

Non-encrypted security credentials or RACF PassTickets are not accepted unless the connection is secured by the TCP/IP network. RACF PassTickets are encoded, which is considered to be a form of security that is weaker than encryption. DES (Data Encryption Standard)-based encryption is also considered insecure.

This value must be the same for all members of a data sharing group. This option applies to all incoming requests that use TCP/IP, regardless of the requesting location.
Note: This is a security-related parameter. If the parameter is set to YES or CLIENT, connections are accepted with a user ID only. Security credentials such as a password are not required to authenticate the user ID that is associated with the connection.
Recommendation: Setting the parameter to SERVER_ENCRYPT provides the best security. Connections are accepted only if user credentials are provided to authenticate the user ID, and strong encryption is used to protect the user ID and credentials.