Some JGSS Used Java Properties

You can configure some aspects of JGSS by specifying Java™ Properties.

For Kerberos, you can use system properties to configure your Kerberos environment during run time. These system properties override values that are specified in a Kerberos configuration file.
Property Notes
java.security.krb5.conf Kerberos configuration file
java.security.krb5.kdc Kerberos key distribution center (KDC) for the default realm, if not specified in the Kerberos configuration file
java.security.krb5.realm Kerberos default realm, if not specified in the Kerberos configuration file
javax.security.auth.useSubjectCredsOnly True by default. Set to false to enable JAAS Kerberos login when JGSS cannot get credentials from the current Subject.
java.security.auth.login.conf JAAS login configuration file
java.security.policy JAAS authorization policy file
java.security.manager Security Manager to be used for authorization checks, and so on
com.ibm.security.jgss.debug JGSS debug control
Start of changes for service refresh 6 fix pack 15com.ibm.security.krb5.acceptor.sequence.number.nonmutualEnd of changes for service refresh 6 fix pack 15 Specifies the acceptor's initial sequence number when mutual authentication is not requested by the Kerberos V5 initiator. The default value is initiator, which specifies that the initiator and the acceptor both assume that the acceptor's initial sequence number is the same as the initiator's. If set to zero or 0, both assume the acceptor's initial sequence number is 0. Other values trigger an error when the system property is read. If you use this system property, you must set it to a matching value on both the initiator and acceptor.
Start of changes for service refresh 3 fix pack 10com.ibm.security.krb5.enctypesEnd of changes for service refresh 3 fix pack 10 Start of changes for service refresh 3 fix pack 10Specifies encryption types (default_tgs_enctypes and default_tkt_enctypes) when a Kerberos configuration file is not used. For more information and possible values, see Supported Encryption Types.End of changes for service refresh 3 fix pack 10
com.ibm.security.krb5.Krb5Debug Kerberos debug control
Start of changes for service refresh 2com.ibm.security.krb5.autodeducerealmEnd of changes for service refresh 2 Start of changes for service refresh 2False by default. A security permission check is performed on a principal with deduced realm. The check ensures that only the authorized principal can initiate or accept secure connections. If the value of this property is true, there is no security check performed. End of changes for service refresh 2