Configuration and policy files

Kerberos configuration file
IBM JGSS uses a Kerberos configuration file. The default name and location of the Kerberos configuration file depend on the operating system being used. The configuration file is searched for in the following locations, in this order:
  • The file referenced by the Java™ property java.security.krb5.conf
  • <java.home>/lib/security/krb5.conf
  • c:\winnt\krb5.ini on Microsoft Windows platforms
  • /etc/krb5/krb5.conf on Unix platforms
  • /etc/krb5.conf on Linux® platforms
You can also specify Kerberos configuration items by using system properties instead of a configuration file. For more information, see Some JGSS Used Java Properties.
JAAS configuration file
The use of the JAAS login feature requires a JAAS configuration file. This file can be specified either as the value of the Java property java.security.auth.login.config or as the value of the property login.config.url.<n> in the <jdk>/jre/lib/security/java.security file. Consult your JAAS documentation for further details.
JAAS authorization policy file
When using the default policy implementation, JAAS permissions are granted to entities by recording the permissions in a policy file. The policy file can be specified either as the value of the Java property java.security.policy or as the value of the property policy.url.<n> in the <jdk>/lib/security/java.security file. See your JAAS documentation for further details.
Java security properties file
Many important security properties used in a Java Virtual Machine (JVM) are set in the java.security file, which is usually located in the <jdk>/jre/lib/security directory. Some of the relevant properties that can be set in this security properties file are:
  • security.provider.<n>: for statically registering cryptographic provider classes. The security provider list must include com.ibm.crypto.provider.IBMJCE
  • policy.provider: CodeSource-based authorization policy object class, for example
     policy.provider=sun.security.provider.PolicyFile
  • policy.url.<n>: URLs of CodeSource-based and principal-based policy files. To use the sample policy file, include an entry such as
     policy.url.1=file:c:/ibmjgss/sample/jgss/config/java.policy
  • login.configuration.provider: JAAS login configuration handler class, for example
    login.configuration.provider=com.ibm.security.auth.login.ConfigFile
  • login.config.url.<n>: URLs for JAAS login configuration files. To use the sample configuration file, include an entry similar to
    login.config.url.1=file:c:/ibmjgss/sample/jgss/config/jaas.conf
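
To confirm which of these files a given JVM is set up to load, the following added example (not part of the IBM documentation or IBM's code) lists the Kerberos configuration candidates in the search order given above and prints the JAAS login and policy properties described on this page. The class name JgssConfigAudit and the MAX_INDEX bound are assumptions, as is treating the first candidate that exists as the file in effect.

```java
import java.io.IOException;
import java.nio.file.*;
import java.security.Security;
import java.util.*;

// Added example: lists the configuration sources named on this page so an
// administrator can confirm which files the JVM is set up to load.
public class JgssConfigAudit {
    static final int MAX_INDEX = 16; // assumption: upper bound when probing <n>

    // Kerberos configuration candidates in the documented search order.
    static List<Path> krb5Candidates() {
        List<Path> c = new ArrayList<>();
        String prop = System.getProperty("java.security.krb5.conf");
        if (prop != null && !prop.isEmpty()) c.add(Paths.get(prop));
        c.add(Paths.get(System.getProperty("java.home"), "lib", "security", "krb5.conf"));
        String os = System.getProperty("os.name", "").toLowerCase(Locale.ROOT);
        if (os.contains("windows")) c.add(Paths.get("c:\\winnt\\krb5.ini"));
        else if (os.contains("linux")) c.add(Paths.get("/etc/krb5.conf"));
        else c.add(Paths.get("/etc/krb5/krb5.conf"));
        return c;
    }

    // Prints a system property override and the numbered java.security entries.
    static void report(String sysProp, String secPrefix) {
        System.out.println(sysProp + " = " + System.getProperty(sysProp));
        for (int n = 1; n <= MAX_INDEX; n++) {
            String v = Security.getProperty(secPrefix + n);
            if (v != null) System.out.println("  " + secPrefix + n + " = " + v);
        }
    }

    public static void main(String[] args) throws IOException {
        boolean found = false;
        for (Path p : krb5Candidates()) {
            boolean exists = Files.isRegularFile(p);
            String owner = exists ? Files.getOwner(p).getName() : "-";
            // Assumption: the first candidate that exists is the one in effect.
            String mark = (exists && !found) ? "  <-- first match" : "";
            System.out.println("krb5: " + p + " exists=" + exists + " owner=" + owner + mark);
            found |= exists;
        }
        report("java.security.auth.login.config", "login.config.url.");
        report("java.security.policy", "policy.url.");
        System.out.println("policy.provider = " + Security.getProperty("policy.provider"));
        System.out.println("login.configuration.provider = "
                + Security.getProperty("login.configuration.provider"));
    }
}
```

Run it with the same JVM and the same -D options as the application, then review the owner and write permissions of every file it reports, since each one controls authentication or authorization behaviour.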