Client-Library version 11.1 and later supports Kerberos security features for applications that desire a high level of security when communicating over a network. By installing the required Kerberos software, and performing the appropriate configuration tasks, your Client-Library applications can take advantage of the following Kerberos security features that are supported in this version:
Network authentication
Mutual authentication
Out-of-sequence authentication
Replay detection
Confidentiality
Integrity
Credential delegation (available in SDK 15.0 ESD #10 and later)
To develop and run Client-Library applications that take advantage of Kerberos features, perform the tasks listed in Table 1-3.
Tasks |
For more information |
|---|---|
Install the Kerberos software on your system. |
Refer to your Kerberos documentation and the Open Client and Open Server Configuration Guide for UNIX for instructions. |
Configure the security section of the libtcl.cfg configuration file. |
See the Open Client and Open Server Configuration Guide for UNIX. |
Log in to the Kerberos security environment with the Kerberos kinit utility, before running your Client-Library application. |
Refer to your Kerberos documentation. |
Set the environment variable to the credential cache directory location.:
|
Refer to your Kerberos documentation. Default credential cache directory location varies by platform. |
Set the desired security features using ct_con_props or use the default credentials by not setting ct_con_props |
See the Open Client Client-Library/C Reference Manual. Use CS_SUPPORTED action type in ct_con_props and ct_config to determine if a security feature is supported. |
