SSO connection is broken due to 25582 error

Technote (troubleshooting)


Problem(Abstract)

Informix SSO session issues may be experienced because of Kerberos GSS-API context expiration.
Informix provides SSO support using Kerberos 5 and the Generic Security Services Application Programming Interface (GSS-API) open standards.
Imformix Server support for SSO is provided as a separate communication support module called GSSCSM.
Roughly speaking SSO GSSCSM module is an interface layer between Informix and system specific GSS-API library. Like Pluggable Authentication Modules (PAM) this authentication mechanism implies that Informix depends on OS specific implementation of MIT Kerberos GSS-API.

Symptom

When a client application establish a SSO session with Informix server the session may be finished with the error:


“25582: Network connection is broken”

when the Kerberos tickets expire.

Cause

Such error may occur because of earlier Kerberos GSS-API implementation issue.

This is fixed in MIT Kerberos release 1.8.3 and above.

Reference http://web.mit.edu/kerberos/krb5-1.8

Major changes in MIT Kerberos 1.8.3
Behavior Change:
GSS-API context expiration -- the gss_wrap and gss_unwrap functions no longer check for ticket expiration. Applications wishing to enforce ticket lifetimes should check using the gss_inquire_context function. The previous behavior of checking for ticket expiration produced results that were not expected by application developers, and could lead to poor user experience.


Resolving the problem

Refer the OS vendor documentation for details regarding GSS-API implementation.

Related information

Using single sign on authentication with Informix Dynam

Rate this page:

(0 users)Average rating

Document information


More support for:

Informix Servers

Software version:

11.5, 11.70

Operating system(s):

AIX, HP-UX, Linux, Solaris

Reference #:

1576544

Modified date:

2012-11-19

Translate my page

Machine Translation

Content navigation