Server-Library and security services

Open Server applications can read the properties of a client connection request to determine which security mechanism to use and which services to perform.

By default, an Open Server application supports the security mechanisms listed in the [SECURITY] section of libtcl.cfg. Administrators can further restrict the list of supported mechanisms by adding a secmech attribute to the directory entry for the server.

When an Open Client application requests a security session from an Open Server application, the following occurs:

  1. Server-Library reads the security token that was sent with the client connection request. The security token contains the object identifier for the security mechanism that the client uses.

  2. If the Open Server application’s interfaces entry or directory service entry lists the secmech line/attribute, Server-Library searches the secmech line/attribute for a value corresponding to the object identifier specified in the security token. If a matching value is not found, the connection request is rejected.

  3. Server-Library searches objectid.dat to match the object identifier with the local name of the security mechanism.

    See Appendix B, “Configuration Files,” for reference information about objectid.dat.

  4. Server-Library loads the security driver associated with the local name of the security mechanism.

    The security driver is listed in the [SECURITY] section of libtcl.cfg.
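
The four steps above can be modelled as a small decision function. This is an added example, not Server-Library code, for checking which mechanism identifiers a given configuration would accept. Assumptions: both files are reduced to `[section]` headers with `key = value` lines, the OIDs, local names and driver file names are constructed placeholders, and a failed lookup in step 3 or 4 is treated as a failure, which the text above does not spell out.

```python
# Constructed sample data: OIDs, local names and driver file names are placeholders.
OBJECTID_DAT = """
[secmech]
1.2.3.1 = mech_a
1.2.3.2 = mech_b
1.2.3.3 = mech_c
"""
LIBTCL_CFG = """
[SECURITY]
mech_a = driver_a.so
mech_b = driver_b.so
"""

def parse_sections(text):
    """Parse '[section]' headers and 'key = value' lines into {SECTION: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].upper(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def select_driver(token_oid, secmech, objectid_text=OBJECTID_DAT, libtcl_text=LIBTCL_CFG):
    """Return (accepted, detail). secmech is the server entry's list, or None if absent."""
    # Step 2: when a secmech line/attribute exists it acts as an allow-list.
    if secmech is not None and token_oid not in secmech:
        return False, "rejected: OID not listed in secmech"
    # Step 3: objectid.dat maps the OID to the mechanism's local name.
    name = parse_sections(objectid_text).get("SECMECH", {}).get(token_oid)
    if name is None:
        return False, "failed: OID has no local name in objectid.dat"  # assumed outcome
    # Step 4: the [SECURITY] section of libtcl.cfg names the driver for that local name.
    driver = parse_sections(libtcl_text).get("SECURITY", {}).get(name)
    if driver is None:
        return False, "failed: no driver for '%s' in [SECURITY]" % name  # assumed outcome
    return True, driver

if __name__ == "__main__":
    for oid, allow in [("1.2.3.1", None), ("1.2.3.2", ["1.2.3.1"]),
                       ("1.2.3.3", None), ("1.2.3.9", None)]:
        print(oid, allow, select_driver(oid, allow))
```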