This release contains the Oracle JGSS provider, instead of the IBM® JGSS provider.
For JAAS options for Kerberos login, see
JAAS options for Kerberos login.
Table 1. Equivalent functionality in IBM and Oracle JGSS providers
| Attributes and system properties |
IBM |
Oracle |
| JGSS provider name |
IBMJGSSProvider |
SunJGSS. |
| Package containing the JGSS provider |
com.ibm.security.jgss |
sun.security.jgss.SunProvider |
| Package containing the SPNEGO mechanism |
com.ibm.security.jgss.mech.spnego
|
|
| Package containing the Kerberos mechanism |
com.ibm.security.jgss.mech.krb5 |
|
| System property javax.security.auth.useSubjectCredsOnly |
The original purpose of the Oracle Java property is extended to facilitate undocumented WebSphere® support".
|
No Oracle equivalent |
| Support for Kerberos utilities (kinit, klist, and ktab) |
Supported on all platforms. |
Supported only on Windows platforms. On other platforms, use native Kerberos utilities. |
| kinit -c FILE |
Permits only the owner to access the cache file. |
Permits access to the cache file based on the user's umask value. |
| LoginModule in the JAAS configuration file |
com.ibm.security.auth.module.Krb5LoginModule |
com.sun.security.auth.module.Krb5LoginModule |
| Initiate/accept configuration declaration in the JAAS configuration file |
com.ibm.security.jgss.krb5.initiate/accept |
com.sun.security.jgss.krb5.initiate/accept |
| KerberosTokenProfile (WSSKrbToken.jar) |
Available only in version 8, not version 11. Used only by WebSphere Application Server.
|
No Oracle equivalent |
Table 2. Equivalent system properties in IBM and Oracle
JGSS providers
| IBM |
Oracle |
| com.ibm.security.jgss.debug,
com.ibm.security.krb5.Krb5Debug |
sun.security.krb5.debug sun.security.spnego.debug |
| com.ibm.security.krb5.acceptor.subkey |
sun.security.krb5.acceptor.subkey |
| com.ibm.security.krb5.autodeducerealm |
sun.security.krb5.autodeducerealm |
| com.ibm.security.krb5.rcache |
sun.security.krb5.rcache |
| com.ibm.security.spnego.msinterop |
sun.security.spnego.msinterop |
| com.ibm.security.krb5.msinterop.kstring |
sun.security.krb5.msinterop.kstring |
Table 3. System properties available only in IBM JGSS providers
| System property |
IBM |
Oracle |
| com.ibm.security.jgss.internal.authenticatorControl |
Used only by WebSphere Application Server. It is not documented for public consumption.
|
No Oracle equivalent |
| com.ibm.security.jgss.spnegoA8: Yes (See iDoc from rbones@us.ibm.com)
|
SPNEGO has RFC 2478 behavior
|
No Oracle equivalent |
| com.ibm.security.krb5.ignoreConf |
Ignore Kerberos config file |
No Oracle equivalent |
| com.ibm.security.krb5.enctypes |
Specify encryption types (default_tgs_enctypes and
default_tkt_enctypes) when a Kerberos configuration file is not used. |
No Oracle equivalent |
| ibm.security.krb5.msinterop.des.s2kcharset |
Set charset for string-to-key encoding |
No Oracle equivalent |
| javax.security.auth.useAllCreds |
Used only by WebSphere Application Server. It is not documented for public consumption.
|
No Oracle equivalent |
| os400.credentials.ebcdic |
OS400 charset |
No Oracle equivalent |