Configure JGSS to use the native System i5 JGSS provider

IBM^® JGSS uses the pure Java™ provider by default. You also have the option to use the native System i5™ JGSS provider.

The native System i5 JGSS provider must be able to access classes in IBM Toolbox for Java. For instructions about how to access IBM Toolbox for Java, see the subtopic below.

Before you use the native System i5 JGSS provider with J2SDK, version 1.3, ensure that you have configured your server to use JGSS. If you are using J2SDK, version 1.4 or subsequent versions, JGSS is already configured.

In the following instructions, ${java.home} denotes the path to the location of the version of Java that you are using on your server. For example, if you are using J2SDK, version 1.4, ${java.home} is /QIBM/ProdData/Java400/jdk14. Remember to replace ${java.home}in the commands with the actual path to the Java home directory.

To configure JGSS to use the native System i5 JGSS provider, complete the following tasks:

Adding a symbolic link

To add a symbolic link to the extension directory for the ibmjgssiseriesprovider.jar file, on an i5/OS^® command line, type the following command (on a single line) and press ENTER:

     ADDLNK OBJ('/QIBM/ProdData/OS400/Java400/ext/ibmjgssiseriesprovider.jar') 
     NEWLNK('${java.home}/lib/ext/ibmjgssiseriesprovider.jar')

After you add a symbolic link to the extension directory for the ibmjgssiseriesprovider.jar file, the extension class loader will load the JAR file.

Adding the provider to the security provider list

Add the native provider to the security provider list in the java.security file.

Open ${java.home}/lib/security/java.security for editing.

Find the security provider list. It should be near the top of the java.security file and should look something like:

     security.provider.1=sun.security.provider.Sun      security.provider.2=com.sun.rsajca.Provider      security.provider.3=com.ibm.crypto.provider.IBMJCE      security.provider.4=com.ibm.security.jgss.IBMJGSSProvider

Add the native System i5 JGSS provider to the security provider list before the original Java provider. In other words, add com.ibm.iseries.security.jgss.IBMJGSSiSeriesProvider to the list with a lower number than com.ibm.jgss.IBMJGSSProvider, then update the position of IBMJGSSProvider. For example:
```
     security.provider.1=sun.security.provider.Sun      security.provider.2=com.sun.rsajca.Provider      security.provider.3=com.ibm.crypto.provider.IBMJCE      security.provider.4=com.ibm.iseries.security.jgss.IBMJGSSiSeriesProvider      security.provider.5=com.ibm.security.jgss.IBMJGSSProvider
```
Notice that the IBMJGSSiSeriesProvider became the fourth entry in the list and IBMJGSSProvider became the fifth entry. Also, check that entry numbers in the security provider list are sequential and that each entry increments the entry number by only one.
Save and close the java.security file.

Enabling the native System i5 JGSS provider to access IBM Toolbox for Java
The native System i5 JGSS provider must be able to access classes in IBM Toolbox for Java.

Parent topic:

Configuring your System i5 to use JGSS with J2SDK, version 1.3

Related information
Network authentication service

Configuring JGSS to use the native System i5 JGSS provider

Parent topic: