IBM® JGSS
includes a native iSeries™ JGSS provider and a pure Java™ JGSS
provider. The provider that you choose to use depends on the needs of your
application.
The pure Java JGSS provider offers the following features:
- Ensures the greatest level of portability for your application.
- Works with the optional JAAS Kerberos login interface.
- Compatible with the Java Kerberos credential management tools.
The native iSeries JGSS
provider offers the following features:
- Uses the native iSeries Kerberos libraries.
- Compatible with Qshell Kerberos credential management tools.
- JGSS applications run faster.
Note: Both JGSS providers adhere to the GSS-API specification and so are compatible
with each other. In other words, an application that uses the pure Java JGSS
provider can interoperate with an application that uses the native iSeries JGSS
provider.
Changing the JGSS provider
Note: If your
server is running J2SDK, version 1.3, before changing to the native iSeries JGSS
provider, make sure that you have configured your server to use JGSS. For
more information, see the following topics:
You can easily change the JGSS provider by using one of the following
options:
- Edit the security provider list in ${java.home}/lib/security/java.security
Note: ${java.home} denotes the path to the location of the version
of Java that
you are using on your server. For example, if you are using J2SDK, version
1.3, ${java.home} is /QIBM/ProdData/Java400/jdk13.
- Specify the
provider name in your JGSS application by using either GSSManager.addProviderAtFront()
or GSSManager.addProviderAtEnd(). For more information, see theGSSManager javadoc.