GSSName Creation

A GSSName represents the identity of a GSSAPI principal. GSSManager has several overloaded methods for creating a GSSName, either from a string or from a contiguous array of bytes. The methods interpret the name string or byte array according to a name type that must be specified. Each name creation method also has a variant for creating a mechanism name (MN) for a given mechanism, as shown in the Javadoc. The byte-array methods are typically used to reconstitute an exported name; the name is typically a mechanism name and of type GSSName.NT_EXPORT_NAME.

To create a GSSName for the user "foo":
GSSName fooName = manager.createName("foo", GSSName.NT_USER_NAME);
To create a Kerberos V5 mechanism name for the same user:
Oid krb5Mech = new Oid("1.2.840.113554.1.2.2");

GSSName fooName = manager.createName("foo", GSSName.NT_USER_NAME, krb5Mech);
To create a SPNEGO mechanism name for the same user:
Oid spnegoMech = new Oid("1.3.6.1.5.5.2");

GSSName fooName = manager.createName("foo", GSSName.NT_USER_NAME, spnegoMech);
A mechanism name can be created from a non-mechanism name by using the canonicalize method of a GSSName:
GSSName fooName = manager.createName("foo", GSSName.NT_USER_NAME);

GSSName fooKrb5Name = fooName.canonicalize(krb5Mech);

Kerberos service name strings must be specified as either <service> or <service@host> where <service> is the name of the service and <host> is the hostname of the machine on which the service runs. The hostname may or may not be fully qualified. Where the "@<host>" portion is omitted, the local hostname is used.
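
The following added example (not part of the original page) ties together the exported-name and service-name passages above: it canonicalizes a user name to a Kerberos mechanism name, exports it, reconstitutes it from the byte array with GSSName.NT_EXPORT_NAME, and creates a service name in the <service@host> form. The class name, the realm EXAMPLE.COM, the KDC and host names, and the use of the two java.security.krb5.* system properties (an OpenJDK/Oracle JDK convention) are assumptions made so the code runs without a krb5.conf.

```java
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

// Hypothetical class name; added example, not code from the page.
public class GssNameRoundTrip {
    public static void main(String[] args) throws GSSException {
        // Assumption: placeholder realm and KDC so the JDK Kerberos provider
        // can qualify "foo" with a realm. Name creation does not contact a KDC.
        System.setProperty("java.security.krb5.realm", "EXAMPLE.COM");
        System.setProperty("java.security.krb5.kdc", "kdc.example.com");

        GSSManager manager = GSSManager.getInstance();
        Oid krb5Mech = new Oid("1.2.840.113554.1.2.2");

        // Generic (non-mechanism) name, then its Kerberos mechanism name (MN).
        GSSName fooName = manager.createName("foo", GSSName.NT_USER_NAME);
        GSSName fooKrb5Name = fooName.canonicalize(krb5Mech);

        // export() yields the canonical byte form of the mechanism name.
        // This byte form, not the display string, is what to persist or
        // compare when a name is used in an access-control decision.
        byte[] exported = fooKrb5Name.export();

        // Reconstitute the name from the exported bytes.
        GSSName restored = manager.createName(exported, GSSName.NT_EXPORT_NAME);

        System.out.println("generic name is MN : " + fooName.isMN());
        System.out.println("restored name      : " + restored);
        System.out.println("restored is MN     : " + restored.isMN());
        System.out.println("matches original   : " + restored.equals(fooKrb5Name));

        // Service name in the <service@host> form described above.
        // "host" and "server.example.com" are constructed sample values.
        GSSName service = manager.createName(
                "host@server.example.com", GSSName.NT_HOSTBASED_SERVICE, krb5Mech);
        System.out.println("service name       : " + service);
    }
}
```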