Last updated on NOVEMBER 04, 2016
Applies to:Oracle Tuxedo / Tuxedo / 7.1, 8.0
Information in this document applies to any platform
In developing a security plugin, the _ec_sec_atn_gss_accept_sec_context() is not called if a previous call to _ec_sec_atn_gss_init_sec_context() returned GSS_S_COMPLETE, but an output token still needs to be transmitted (indicated by the output_token->length field set to a non-zero value, according to the rfc 1509/2744). This is only the case if the process is authenticating with itself, for example when the BBL boots. The described behavior causes problems when impersonating a user in a GWTDOMAIN process because the authorization token is produced when gss_accept_sec_context() returns GSS_S_COMPLETE.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms