I've been tasked with auditing on some information security aspects of our db2 servers in our organization.To brief it up,we are:

Clients:1500 gupta applications on windows xp workstations
Windows Active Directory Infrastructure for clients (i.e, clients logon to windows domain)
01 db2 server

I also agree being not being very savvy on some db2 technical issues specially on developing client-side applications.

Anyways, during a documentation review something come up to my atention and that was authentication model being used by the client applications that uses db2 server.It was clear to me that authentication is accomplished by db2 server itself because passwords are stored in db2 server in a special user table which is crypted by defacto encrypt function of db2 server.

As far as i understand,db2 can interact with active Directory for authentication purposes and that would avoid storing passwords in db2 table which seems to me very questionable.

My question would be if this interaction between db2 and ms active directory as authentication solution for gupta application is a typical task and not something that current database administrator could have arguments against such integration complexity.
Any other alternative for authentication model would be great too since current password storage is unacceptable as i see it.

Thank you