Configuration and policy files
- Kerberos configuration file
- IBM JGSS uses a Kerberos configuration
file. The default name and location of the Kerberos configuration file depends on the operating
system being used. The default configuration file is searched for in the following order:
- The file referenced by the Java™ property java.security.krb5.conf
- <java.home>/lib/security/krb5.conf
- c:\winnt\krb5.ini on Microsoft Windows platforms
- /etc/krb5/krb5.conf on Unix platforms
- /etc/krb5.conf on Linux® platforms
- JAAS configuration file
- The use of the JAAS login feature requires a JAAS configuration file. This file can be specified either as the value of the Java property java.security.auth.login.config or as the value of the property login.config.url.<n> in the <jdk>/jre/lib/security/java.security file. Consult your JAAS documentation for further details.
- JAAS authorization policy file
- When using the default policy implementation, JAAS permissions are granted to entities by recording the permissions in a policy file. The policy file can be specified either as the value of the Java property java.security.policy or as the value of the property policy.url.<n> in the <jdk>/lib/security/java.security file. See your JAAS documentation for further details.
- Java security properties file
- Many important security properties used in a Java Virtual
Machine (JVM) are set in the java.security file usually located in the
<jdk>/jre/lib/security directory. Some of the relevant properties that can
be set in this security properties file are:
- security.provider.<n>: for statically registering cryptographic provider classes. The security list must include com.ibm.crypto.provider.IBMJCE
- policy.provider: CodeSource-based authorization policy object class, for example
policy.provider=sun.security.provider.PolicyFile
- policy.url.<n>: URLs of CodeSource-based and principal-based policy files. To use the sample
policy file, include an entry such as
policy.url.1=file:c:/ibmjgss/sample/jgss/config/java.policy
- login.configuration.provider: JAAS login configuration handler class, for example
login.configuration.provider=com.ibm.security.auth.login.ConfigFile
- login.config.url.<n>: URLs for JAAS login configuration files. To use the sample
configuration file, include an entry similar to
login.config.url.1=file:c:/ibmjgss/sample/jgss/config/jaas.conf