RP/TUX 7.1 and 8.0 - _ec_sec_atn_gss_accept_sec_context() is not called by self-authenticating process.
(Doc ID 768378.1)
Last updated on JANUARY 19, 2018
Applies to:Oracle Tuxedo / Tuxedo / 7.1, 8.0
Information in this document applies to any platform
In developing a security plugin, the _ec_sec_atn_gss_accept_sec_context() is not called if a previous call to _ec_sec_atn_gss_init_sec_context() returned GSS_S_COMPLETE, but an output token still needs to be transmitted (indicated by the output_token->length field set to a non-zero value, according to the rfc 1509/2744). This is only the case if the process is authenticating with itself, for example when the BBL boots. The described behavior causes problems when impersonating a user in a GWTDOMAIN process because the authorization token is produced when gss_accept_sec_context() returns GSS_S_COMPLETE.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!