The Kinit and Ktab tools

Using the pure Java™ JGSS provider

If you are using the pure Java JGSS provider, use the IBM^® JGSS Kinit and Ktab tools to obtain credentials and secret keys. The Kinit and Ktab tools use command-line interfaces and provide options similar to those offered by other versions.

• You can obtain Kerberos credentials by using the Kinit tool. This tool contacts the Kerberos Distribution Center (KDC) and obtains a ticket-granting ticket (TGT). The TGT allows you to access other Kerberos-enabled services, including those that use the GSS-API.
• A server can obtain a secret key by using the Ktab tool. JGSS stores the secret key in the key table file on the server. See the Ktab Java documentation for more information.

Alternatively, your application can use the JAAS Login interface to obtain TGTs and secret keys. For more information, see the following:

• com.ibm.security.krb5.internal.tools Class Kinit
• com.ibm.security.krb5.internal.tools Class Ktab
• JAAS login interface.

Using the native iSeries™ JGSS provider

If you are using the native iSeries JGSS provider, use the Qshell kinit and klist utilities. For more information, see Utilities for Kerberos credentials and key tables.