Configuration and policy files

Kerberos configuration file
IBM JGSS uses a Kerberos configuration file. The default name and location of the Kerberos configuration file depends on the operating system being used. The default configuration file is searched for in the following order:
  • The file referenced by the Java™ property
  • <java.home>/lib/security/krb5.conf
  • c:\winnt\krb5.ini on Microsoft Windows platforms
  • /etc/krb5/krb5.conf on Unix platforms
  • /etc/krb5.conf on Linux® platforms
You can also specify Kerberos configuration items by using system properties instead of a configuration file. For more information, see Some JGSS Used Java Properties.
JAAS configuration file
The use of the JAAS login feature requires a JAAS configuration file. This file can be specified either as the value of the Java property or as the value of the property login.config.url.<n> in the <jdk>/jre/lib/security/ file. Consult your JAAS documentation for further details.
JAAS authorization policy file
When using the default policy implementation, JAAS permissions are granted to entities by recording the permissions in a policy file. The policy file can be specified either as the value of the Java property or as the value of the property policy.url.<n> in the <jdk>/lib/security/ file. See your JAAS documentation for further details.
Java security properties file
Many important security properties used in a Java Virtual Machine (JVM) are set in the file usually located in the <jdk>/jre/lib/security directory. Some of the relevant properties that can be set in this security properties file are:
  • security.provider.<n>: for statically registering cryptographic provider classes. The security list must include
  • policy.provider: CodeSource-based authorization policy object class, for example
  • policy.url.<n>: URLs of CodeSource-based and principal-based policy files. To use the sample policy file, include an entry such as
  • login.configuration.provider: JAAS login configuration handler class, for example
  • login.config.url.<n>: URLs for JAAS login configuration files. To use the sample configuration file, include an entry similar to