Informix SSO session issues may be experienced because of Kerberos GSS-API context expiration.
Informix provides SSO support using Kerberos 5 and the Generic Security Services Application Programming Interface (GSS-API) open standards.
Imformix Server support for SSO is provided as a separate communication support module called GSSCSM.
Roughly speaking SSO GSSCSM module is an interface layer between Informix and system specific GSS-API library. Like Pluggable Authentication Modules (PAM) this authentication mechanism implies that Informix depends on OS specific implementation of MIT Kerberos GSS-API.
When a client application establish a SSO session with Informix server the session may be finished with the error:
“25582: Network connection is broken”
when the Kerberos tickets expire.
Such error may occur because of earlier Kerberos GSS-API implementation issue.
This is fixed in MIT Kerberos release 1.8.3 and above.
Major changes in MIT Kerberos 1.8.3
GSS-API context expiration -- the gss_wrap and gss_unwrap functions no longer check for ticket expiration. Applications wishing to enforce ticket lifetimes should check using the gss_inquire_context function. The previous behavior of checking for ticket expiration produced results that were not expected by application developers, and could lead to poor user experience.
Resolving the problem
Refer the OS vendor documentation for details regarding GSS-API implementation.