Support for SPNEGO
IBM JGSS now supports SPNEGO.
IBM JGSS
is a framework that can support multiple security mechanisms; however
GSS-API does not prescribe the method by which GSS-API peers can establish
whether they have a common security mechanism. The Simple and Protected
GSS-API Negotiation (SPNEGO) mechanism is a pseudo security mechanism
that enables GSS-API peers to securely negotiate a common security
mechanism to be used. The SPNEGO protocol is used to negotiate which
security mechanism should be adopted.
- Work with Microsoft's SPNEGO
- If you run IBM's initiator with Microsoft's acceptor or Microsoft's initiator with IBM's acceptor, set the com.ibm.security.spnego.msinterop property to true, which is also the default value. To disable Microsoft mode, set the property to false.
- Work with IBM's old version SPNEGO
- If you run IBM's initiator with IBM's old version (Java™ 5.0 or older) acceptor or IBM's acceptor with old version of initiator, you need to specify Java property com.ibm.security.jgss.spnego2478=true.