Credential delegation for MIT Kerberos

The Kerberos security driver now supports credential delegation when using the MIT Kerberos GSS library. This allows you to set up an Open Server gateway application that uses the delegated client credentials when establishing a connection with a remote server.

Establishing a connection with a remote server using credential delegation

This is an example of a call sequence you can employ when using credential delegation. You can refer to the ctos example in $SYBASE/OCS-15_0/sample/srvlibrary; connect.c now contains an example of the properties mentioned here:

  1. The client application requests credential delegation and forwards the credential to the gateway connection using

    ct_con_props(..., CS_SET, SRV_SEC_DELEGATION, ...)
    
  2. The connection handler of the gateway application checks whether the client requested credential delegation:

    if (srv_thread_props(..., CS_GET,
         SRV_T_SEC_DELEGATION, ...))
        {...}
    
  3. The connection handler retrieves the delegated client credentials:

    srv_thread_props(..., CS_GET, 
         SRV_T_SEC_DELEGCRED, ...)
    
  4. The client application sets the delegated credentials in the Client-Library connection structure for use in connecting to the remote server:

    ct_con_props(..., CS_SET, CS_SEC_CREDENTIALS, ...)
    
  5. The client application attempts to connect to the remote server using ct_connect.

Requesting credential delegation using isql and bcp

You can also request credential delegation from isql and bcp through the new -Vd sub-option of the -V parameter. This sub-option requests credential delegation and forwards the client credentials to the gateway application. For example:

isql -Vd -SMY_GATEWAY
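A pre-flight check you can run before requesting delegation with -Vd, added here as an example and not taken from the Sybase documentation or samples. It assumes standard MIT Kerberos behaviour, where delegation forwards the client's TGT and so needs the forwardable (F) flag shown by klist -f; the function names and the sample klist output are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the credential cache holds a forwardable TGT before
# asking isql/bcp to delegate credentials with -Vd.
# Assumption: with the MIT GSS library, delegation forwards the TGT, so the
# TGT must carry the F flag; otherwise nothing is delegated to the gateway.

# tgt_forwardable: reads `klist -f` output on stdin.
# Returns 0 if a krbtgt entry lists F in its Flags field, 1 otherwise.
tgt_forwardable() {
    awk '
        # Ticket and header lines start in column 1; remember whether the
        # entry being read is a ticket-granting ticket.
        /^[^ \t]/ { in_tgt = ($NF ~ /^krbtgt\//) }
        # The indented continuation line carries the flag letters.
        in_tgt && /Flags:/ {
            sub(/.*Flags:[ \t]*/, "")
            if (index($0, "F") > 0) ok = 1
        }
        END { exit(ok ? 0 : 1) }
    '
}

# isql_delegated (hypothetical wrapper): only passes -Vd when the live cache
# qualifies. $1 is the gateway server name, e.g. MY_GATEWAY.
isql_delegated() {
    if klist -f 2>/dev/null | tgt_forwardable; then
        isql -Vd -S"$1"
    else
        echo "no forwardable TGT in cache; run kinit -f before using -Vd" >&2
        return 1
    fi
}

# Constructed sample `klist -f` output (not captured from a real system).
SAMPLE_FORWARDABLE='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.COM

Valid starting       Expires              Service principal
01/01/2024 10:00:00  01/01/2024 20:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        renew until 01/08/2024 10:00:00, Flags: FRIA'

SAMPLE_NOT_FORWARDABLE='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.COM

Valid starting       Expires              Service principal
01/01/2024 10:00:00  01/01/2024 20:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        renew until 01/08/2024 10:00:00, Flags: RIA'
```

On the gateway side, the SRV_T_SEC_DELEGATION check in step 2 remains the authoritative test of whether the client actually requested delegation.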

For detailed information on using credential delegation, see Open Server Server-Library/C Reference Manual and Open Client Client-Library/C Reference Manual.