To customize the behavior of Kerberos authentication on
a DB2® database system, you can
develop your own Kerberos authentication plug-ins.
Consider the following points when creating a Kerberos plug-in:
- Write the Kerberos plug-in as a GSS-API plug-in, but in the initialization
function, set the plugintype variable to DB2SEC_PLUGIN_TYPE_KERBEROS for
the function pointer array that is returned to the DB2 database instance.
- Under certain conditions, the server reports the server principal
name to the client. The Kerberos plug-in must specify principals in
the GSS_C_NT_USER_NAME format (that is, server/host@REALM).
The GSS_C_NT_HOSTBASED_SERVICE format (that is, service@host)
is not supported.