Kerberos plug-in creation

To customize the behavior of Kerberos authentication on a Db2® database system, you can develop your own Kerberos authentication plug-ins.

Consider the following points when creating a Kerberos plug-in:

  • Write the Kerberos plug-in as a GSS-API plug-in, with one difference: in the initialization function, set plugintype to DB2SEC_PLUGIN_TYPE_KERBEROS in the function pointer array that is returned to the Db2 database instance.
  • Under certain conditions, the server reports the server principal name to the client. The Kerberos plug-in must specify principals in the GSS_C_NT_USER_NAME format (that is, server/host@REALM). The GSS_C_NT_HOSTBASED_SERVICE format (that is, service@host) is not supported.
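
A syntactic pre-flight check that a plug-in could run on its configured server principal before reporting it to clients, shown as an added example (not IBM or Db2 code). The function and enum names are hypothetical and the sample principals are constructed; because the check is purely syntactic, any name@suffix string without an instance is flagged the same way as service@host.

```c
#include <stddef.h>
#include <stdio.h>

/* Outcome of checking a configured server principal string (names are hypothetical). */
enum princ_form {
    PRINC_OK,              /* server/host@REALM: the shape the page requires       */
    PRINC_LOOKS_HOSTBASED, /* name@suffix with no '/': may be service@host         */
    PRINC_INVALID          /* empty part, missing or repeated '@', extra components */
};

/* Classify by unescaped separators only; "\/" and "\@" count as ordinary
 * characters, as in the Kerberos textual principal syntax. */
enum princ_form classify_principal(const char *s)
{
    size_t slash = 0, at = 0, seg = 0;   /* seg = length of the current part */
    if (s == NULL) return PRINC_INVALID;
    for (; *s != '\0'; s++) {
        if (*s == '\\') {                               /* escaped character */
            if (*++s == '\0') return PRINC_INVALID;     /* dangling backslash */
            seg++;
        } else if (*s == '/' && at == 0) {
            if (seg == 0) return PRINC_INVALID;         /* empty name part */
            slash++; seg = 0;
        } else if (*s == '@') {
            if (seg == 0 || at != 0) return PRINC_INVALID;
            at++; seg = 0;
        } else if (*s == '/') {
            return PRINC_INVALID;                       /* '/' inside the realm */
        } else {
            seg++;
        }
    }
    if (at != 1 || seg == 0) return PRINC_INVALID;      /* no realm present */
    if (slash == 1) return PRINC_OK;
    if (slash == 0) return PRINC_LOOKS_HOSTBASED;
    return PRINC_INVALID;                               /* more than two name parts */
}

int main(void)
{
    /* Constructed sample values, not taken from any real deployment. */
    const char *samples[] = { "db2/dbhost.example.com@EXAMPLE.COM",
                              "db2@dbhost.example.com", "db2/dbhost.example.com" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-40s -> %d\n", samples[i], (int)classify_principal(samples[i]));
    return 0;
}
```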