An Open Server application may want to establish a secure connection with a client. A secure connection is one which is established after a rigorous authentication of the client’s identity and verification of its password.
Applications can use external security systems offered
by security service providers, rather than including their own security
code. “Security services” explains
how to configure an Open Server application to make use of third-party
security service providers.
An application may perform this security check using one, some, or all of the following methods:
Send the client a challenge, which challenges the client to respond with the matching response.
Send the client an encryption key, to which the client should respond with an encrypted password, which the application may then decrypt and verify.
Send the client a request for security labels, which the client sends to establish the level of security for the connection.
Initiate an application-defined login handshake.
Initiate a transparent security handshake. This requires a security entry in the libtcl.cfg file, and that drivers for the required security services are installed. See “Changes to the interfaces file”, and “Security services”, for more information.
Exchange the security session negotiation data between the remote server and the gateway client using a security session callback. See “Full passthrough gateway with direct security session”, and the Open Client Client-Library/C Reference Manual, for more information on security session callbacks.
An application negotiates a secure login using the srv_negotiate routine inside the SRV_CONNECT event handler.
