RP/TUX 7.1 and 8.0 - _ec_sec_atn_gss_accept_sec_context() is not called by self-authenticating process.

(Doc ID 768378.1)

Last updated on NOVEMBER 04, 2016

Applies to:

Oracle Tuxedo / Tuxedo / 7.1, 8.0
Information in this document applies to any platform

Goal

In developing a security plugin, the _ec_sec_atn_gss_accept_sec_context() is not called if a previous call to
_ec_sec_atn_gss_init_sec_context() returned GSS_S_COMPLETE, but an output token still needs to be transmitted
(indicated by the output_token->length field set to a non-zero value, according to the rfc 1509/2744).

This is only the case if the process is authenticating with itself, for example when the BBL boots.

The described behavior causes problems when impersonating a user in a GWTDOMAIN process because the authorization
token is produced when gss_accept_sec_context() returns GSS_S_COMPLETE.

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms