Configuring JGSS to use the native iSeries JGSS provider

IBM® JGSS uses the pure Java™ provider by default. You also have the option to use the native iSeries™ JGSS provider.

For more information about the different providers, see JGSS providers.

Software requirements

The native iSeries JGSS provider must be able to access classes in IBM Toolbox for Java. For instructions about how to access IBM Toolbox for Java, see Enabling the native iSeries JGSS provider to access IBM Toolbox for Java.

Make sure that you have configured the network authentication service. For more information, see Network authentication service.

Specifying the native iSeries JGSS provider

Before you use the native iSeries JGSS provider with J2SDK, version 1.3, ensure that you have configured your server to use JGSS. For more information, see Configuring your iSeries server to use JGSS with J2SDK, version 1.3. If you are using J2SDK, version 1.4 or subsequent versions, JGSS is already configured.

Note: In the following instructions, ${java.home} denotes the path to the location of the version of Java that you are using on your server. For example, if you are using J2SDK, version 1.4, ${java.home} is /QIBM/ProdData/Java400/jdk14. Remember to replace ${java.home}in the commands with the actual path to the Java home directory.

To configure JGSS to use the native iSeries JGSS provider, complete the following tasks:

Adding a symbolic link

To add a symbolic link to the extension directory for the ibmjgssiseriesprovider.jar file, on an iSeries command line, type the following command (on a single line) and press ENTER:

     ADDLNK OBJ('/QIBM/ProdData/OS400/Java400/ext/ibmjgssiseriesprovider.jar') 
     NEWLNK('${java.home}/lib/ext/ibmjgssiseriesprovider.jar')

After you add a symbolic link to the extension directory for the ibmjgssiseriesprovider.jar file, the extension class loader will load the JAR file.

Adding the provider to the security provider list

Add the native provider to the security provider list in the java.security file.

  1. Open ${java.home}/lib/security/java.security for editing.
  2. Find the security provider list. It should be near the top of the java.security file and should look something like: 
         security.provider.1=sun.security.provider.Sun
     security.provider.2=com.sun.rsajca.Provider
     security.provider.3=com.ibm.crypto.provider.IBMJCE
     security.provider.4=com.ibm.security.jgss.IBMJGSSProvider
  3. Add the native iSeries JGSS provider to the security provider list before the original Java provider. In other words, add com.ibm.iseries.security.jgss.IBMJGSSiSeriesProvider to the list with a lower number than com.ibm.jgss.IBMJGSSProvider, then update the position of IBMJGSSProvider. For example: 
         security.provider.1=sun.security.provider.Sun
     security.provider.2=com.sun.rsajca.Provider
     security.provider.3=com.ibm.crypto.provider.IBMJCE
     security.provider.4=com.ibm.iseries.security.jgss.IBMJGSSiSeriesProvider
     security.provider.5=com.ibm.security.jgss.IBMJGSSProvider

    Notice that the IBMJGSSiSeriesProvider became the fourth entry in the list and IBMJGSSProvider became the fifth entry. Also, check that entry numbers in the security provider list are sequential and that each entry increments the entry number by only one.

  4. Save and close the java.security file.
Parent topic: Configuring your iSeries server to use JGSS with J2SDK, version 1.3