Running IBM JGSS applications
The IBM® Java™ Generic Security Service (JGSS) API 1.0 shields secure applications from the complexities and peculiarities of the different underlying security mechanisms. JGSS uses features provided by Java Authentication and Authorization Service (JAAS) and IBM Java Cryptography Extension (JCE).
JGSS features include:
- Identity authentication
- Message integrity and confidentiality
- Optional JAAS Kerberos login interface and authorization checks

- Obtaining Kerberos credentials and creating secret keys
  The GSS-API does not define a way to get credentials. For this reason, the IBM JGSS Kerberos mechanism requires that the user obtain Kerberos credentials. This topic explains how to obtain Kerberos credentials and create secret keys, how to use JAAS to perform Kerberos logins and authorization checks, and which JAAS permissions the Java virtual machine (JVM) requires.
- The Kinit and Ktab tools
  Your choice of a JGSS provider determines which tools you use to obtain Kerberos credentials and secret keys.
- JAAS Kerberos login interface
  IBM JGSS features a Java Authentication and Authorization Service (JAAS) Kerberos login interface. You can disable this feature by setting the Java property javax.security.auth.useSubjectCredsOnly to false.
- Configuration and policy files
  JGSS and JAAS depend on several configuration and policy files. You need to edit these files to conform to your environment and application. If you do not use JAAS with JGSS, you can safely ignore the JAAS configuration and policy files.