Credential delegation for MIT Kerberos

The Kerberos security driver supports credential delegation when using the MIT Kerberos Generic Security Services (GSS) library. This allows you to set up an Open Server gateway application that uses the delegated client credentials when establishing a connection with a remote server.

Establishing a connection with a remote server using credential delegation

This is an example of a call sequence you can employ when using credential delegation. The ctos example in $SYBASE/OCS-15_0/sample/srvlibrary. connect.c contains an example of the properties mentioned here:

  1. The client application requests credential delegation and forwards the credential to the gateway connection using:

    ct_con_props(..., CS_SET, SRV_SEC_DELEGATION, ...)
    
  2. The connection handler of the gateway application checks whether the client requested credential delegation:

    if (srv_thread_props(..., CS_GET,
         SRV_T_SEC_DELEGATION, ...))
        {...}
    
  3. The connection handler retrieves the delegated client credentials:

    srv_thread_props(..., CS_GET, 
         SRV_T_SEC_DELEGCRED, ...)
    
  4. The client application sets the delegated credentials in the Client-Library connection structure for use in connecting to the remote server:

    ct_con_props(..., CS_SET, CS_SEC_CREDENTIALS, ...)
    
  5. The client application attempts to connect to the remote server using ct_connect.

You can also request credential delegation using the isql and bcp option -Vd. For more information, see the Open Client and Open Server Programmer’s Supplement for UNIX.
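Kerberos GSS delegation forwards the client's ticket-granting ticket (TGT), which the KDC allows only when that TGT is forwardable. The following added example (not part of the Sybase documentation) checks MIT `klist -f` output for that prerequisite before isql or bcp is run with -Vd; the sample output, realm and principal names are constructed.

```shell
#!/bin/sh
# Added example, not from the Sybase documentation.
# Reads `klist -f` output on stdin; exit status 0 = local TGT is forwardable.
tgt_is_forwardable() {
    awk '
        # Ticket lines are unindented and end with the service principal.
        /^[^ \t]/ {
            in_tgt = 0
            n = split($NF, p, "[/@]")
            # Local TGT only: krbtgt/REALM@REALM (cross-realm TGTs skipped).
            if (n == 3 && p[1] == "krbtgt" && p[2] == p[3]) in_tgt = 1
            next
        }
        # The indented line under a ticket carries its flags. "F" means
        # forwardable; lowercase "f" means forwarded and does not count.
        in_tgt && /Flags:/ {
            sub(/.*Flags:[ \t]*/, "")
            ok = (index($0, "F") > 0)
            exit
        }
        END { exit !ok }
    '
}

# Constructed klist -f output (not captured from a real KDC); $1 is the TGT
# flag string. The service ticket always shows F to prove it is ignored.
sample_klist() {
    printf '%s\n' \
      'Ticket cache: FILE:/tmp/krb5cc_1000' \
      'Default principal: alice@EXAMPLE.COM' \
      '' \
      'Valid starting       Expires              Service principal' \
      '01/01/2024 10:00:00  01/01/2024 20:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM' \
      "        renew until 01/08/2024 10:00:00, Flags: $1" \
      '01/01/2024 10:05:00  01/01/2024 20:00:00  sybase/gw.example.com@EXAMPLE.COM' \
      '        Flags: FAT'
}

for flags in FRIA RIA; do
    if sample_klist "$flags" | tgt_is_forwardable; then
        echo "TGT flags $flags: forwardable, delegation prerequisite met"
    else
        echo "TGT flags $flags: not forwardable, delegation prerequisite missing"
    fi
done
```

Against a live ticket cache, pipe the real output in: `klist -f | tgt_is_forwardable`.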

For detailed information on using credential delegation, see the Open Server Server-Library/C Reference Manual and the Open Client Client-Library/C Reference Manual.