The Kinit and Ktab tools

Your choice of a JGSS provider determines which tools that you use to obtain Kerberos credentials and secret keys.

Using the pure Java JGSS provider

If you are using the pure Java™ JGSS provider, use the IBM^® JGSS Kinit and Ktab tools to obtain credentials and secret keys. The Kinit and Ktab tools use command-line interfaces and provide options similar to those offered by other versions.

• You can obtain Kerberos credentials by using the Kinit tool. This tool contacts the Kerberos Distribution Center (KDC) and obtains a ticket-granting ticket (TGT). The TGT allows you to access other Kerberos-enabled services, including those that use the GSS-API.

• A server can obtain a secret key by using the Ktab tool. JGSS stores the secret key in the key table file on the server. See the Ktab Java documentation for more information.

Alternatively, your application can use the JAAS Login interface to obtain TGTs and secret keys.

Using the native System i5 JGSS provider

If you are using the native System i5™ JGSS provider, use the Qshell kinit and klist utilities. For more information, see Utilities for Kerberos credentials and key tables.

Parent topic:

Related concepts
Obtaining Kerberos credentials and creating secret keys JAAS Kerberos login interface Configuration and policy files JAAS Kerberos login interface