Some JGSS Used Java Properties
You can configure some aspects of JGSS by specifying Java™ Properties.
For Kerberos, you can use system properties to configure your Kerberos environment during run
time. These system properties override values that are specified in a Kerberos configuration file.
| Property | Notes |
|---|---|
| java.security.krb5.conf | Kerberos configuration file |
| java.security.krb5.kdc | Kerberos key distribution center (KDC) for the default realm, if not specified in the Kerberos configuration file |
| java.security.krb5.realm | Kerberos default realm, if not specified in the Kerberos configuration file |
| javax.security.auth.useSubjectCredsOnly | True by default. Set to false to enable JAAS Kerberos login when JGSS cannot get credentials from the current Subject. |
| java.security.auth.login.conf | JAAS login configuration file |
| java.security.policy | JAAS authorization policy file |
| java.security.manager | Security Manager to be used for authorization checks, and so on |
| com.ibm.security.jgss.debug | JGSS debug control |
| com.ibm.security.krb5.acceptor.sequence.number.nonmutual | Specifies the acceptor's initial sequence number when mutual authentication is not requested by the Kerberos V5 initiator. The default value is initiator, which specifies that the initiator and the acceptor both assume that the acceptor's initial sequence number is the same as the initiator's. If set to zero or 0, both assume the acceptor's initial sequence number is 0. Other values trigger an error when the system property is read. If you use this system property, you must set it to a matching value on both the initiator and acceptor. |
| com.ibm.security.krb5.enctypes | Specifies encryption types (default_tgs_enctypes and default_tkt_enctypes) when a Kerberos configuration file is not used. For more information and possible values, see Supported Encryption Types. |
| com.ibm.security.krb5.Krb5Debug | Kerberos debug control |
| com.ibm.security.krb5.autodeducerealm | False by default. A security permission check is performed on a principal with deduced realm. The check ensures that only the authorized principal can initiate or accept secure connections. If the value of this property is true, there is no security check performed. |
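
The following startup audit is an added example, not IBM code: it flags the settings from the table that weaken or break authentication (an invalid or mismatched acceptor sequence number setting, `autodeducerealm` set to true, and `useSubjectCredsOnly` set to false). The class name `JgssPropertyAudit`, the `peerSeqValue` parameter (the value configured on the other party, obtained out of band) and the exact-match comparison of property values are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

// Added example; class and method names are hypothetical.
public class JgssPropertyAudit {
    static final String SEQ = "com.ibm.security.krb5.acceptor.sequence.number.nonmutual";
    static final String AUTODEDUCE = "com.ibm.security.krb5.autodeducerealm";
    static final String SUBJECT_ONLY = "javax.security.auth.useSubjectCredsOnly";

    // Map the setting to its meaning: unset means the default "initiator";
    // "zero" and "0" are equivalent; anything else is invalid (null).
    static String normaliseSeq(String value) {
        if (value == null || value.equals("initiator")) return "initiator";
        if (value.equals("zero") || value.equals("0")) return "zero";
        return null;
    }

    // Returns one finding per risky or inconsistent setting in 'local'.
    static List<String> audit(Properties local, String peerSeqValue) {
        List<String> findings = new ArrayList<>();
        String seq = normaliseSeq(local.getProperty(SEQ));
        if (seq == null) {
            findings.add(SEQ + ": invalid value, an error occurs when it is read");
        } else if (!seq.equals(normaliseSeq(peerSeqValue))) {
            findings.add(SEQ + ": initiator and acceptor values do not match");
        }
        if (Boolean.parseBoolean(local.getProperty(AUTODEDUCE, "false"))) {
            findings.add(AUTODEDUCE + ": true, permission check on deduced-realm principals is skipped");
        }
        if (!Boolean.parseBoolean(local.getProperty(SUBJECT_ONLY, "true"))) {
            findings.add(SUBJECT_ONLY + ": false, JGSS may fall back to a JAAS Kerberos login");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample settings; pass System.getProperties() to audit the running JVM.
        Properties sample = new Properties();
        sample.setProperty(SEQ, "0");
        sample.setProperty(AUTODEDUCE, "true");
        for (String finding : audit(sample, "initiator")) {
            System.out.println("WARNING " + finding);
        }
    }
}
```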