ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaha_5.4.0.1/rzahajgssuse.htm

91 lines
7.0 KiB
HTML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Running IBM JGSS applications" />
<meta name="abstract" content="The IBM Java Generic Security Service (JGSS) API 1.0 shields secure applications from the complexities and peculiarities of the different underlying security mechanisms. JGSS uses features provided by Java Authentication and Authorization Service (JAAS) and IBM Java Cryptography Extension (JCE)." />
<meta name="description" content="The IBM Java Generic Security Service (JGSS) API 1.0 shields secure applications from the complexities and peculiarities of the different underlying security mechanisms. JGSS uses features provided by Java Authentication and Authorization Service (JAAS) and IBM Java Cryptography Extension (JCE)." />
<meta name="DC.Relation" scheme="URI" content="rzahajgssover.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssconcept.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgsscfgmain.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssdev.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssdebug.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgsssamp.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssjavadoc.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssusejaas.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssusejaas10.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssusejaas20.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssconfigs.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahajgssuse" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Running IBM JGSS
applications</title>
</head>
<body id="rzahajgssuse"><a name="rzahajgssuse"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Running IBM JGSS
applications</h1>
<div><p>The IBM<sup>®</sup> Java™ Generic
Security Service (JGSS) API 1.0 shields secure applications from the complexities
and peculiarities of the different underlying security mechanisms. JGSS uses
features provided by Java Authentication and Authorization Service
(JAAS) and IBM Java Cryptography
Extension (JCE).</p>
<p>JGSS features include:</p>
<ul><li>Identity authentication</li>
<li>Message integrity and confidentiality</li>
<li>Optional JAAS Kerberos login interface and authorization checks</li>
</ul>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzahajgssusejaas.htm">Obtaining Kerberos credentials and creating secret keys</a></strong><br />
The GSS-API does not define a way to get credentials. For this
reason, the IBM JGSS
Kerberos mechanism requires that the user obtain Kerberos credentials. This
topic instructs you on how to obtain Kerberos credentials and create secret
keys, and about using JAAS to perform Kerberos logins and authorization checks
and review a list of JAAS permissions required by the Java virtual
machine (JVM). </li>
<li class="ulchildlink"><strong><a href="rzahajgssusejaas10.htm">The Kinit and Ktab tools</a></strong><br />
Your choice of a JGSS provider determines which tools that you use to obtain Kerberos credentials and secret keys.</li>
<li class="ulchildlink"><strong><a href="rzahajgssusejaas20.htm">JAAS Kerberos login interface</a></strong><br />
IBM JGSS
features a Java Authentication and Authorizaiton Service (JAAS)
Kerberos login interface. You can disable this feature by setting the Java property
javax.security.auth.useSubjectCredsOnly to false.</li>
<li class="ulchildlink"><strong><a href="rzahajgssconfigs.htm">Configuration and policy files</a></strong><br />
JGSS and JAAS depend on several configuration and policy files. You need to edit these files to conform to your environment and application. If you do not use JAAS with JGSS, you can safely ignore the JAAS configuration and policy files.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahajgssover.htm" title="The Java Generic Security Service (JGSS) provides a generic interface for authentication and secure messaging. Under this interface you can plug a variety of security mechanisms based on secret-key, public-key, or other security technologies.">IBM Java Generic Security Service (JGSS)</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzahajgssconcept.htm" title="JGSS operations consist of four distinct stages, as standardized by the Generic Security Service Application Programming Interface (GSS-API).">JGSS concepts</a></div>
<div><a href="rzahajgsscfgmain.htm" title="How you configure your iSeries server to use JGSS depends on which version of the Java 2 Software Development Kit (J2SDK) that you run on your server.">Configuring your iSeries server to use IBM JGSS</a></div>
<div><a href="rzahajgssdev.htm" title="Use JGSS to develop secure applications. Learn about generating transport tokens, creating JGSS objects, establishing context, and more.">Developing IBM JGSS applications</a></div>
<div><a href="rzahajgssdebug.htm" title="When you are trying to identify JGSS problems, use the JGSS debugging capability to produce helpful categorized messages.">Debugging</a></div>
<div><a href="rzahajgsssamp.htm" title="The IBM Java Generic Security Service (JGSS) sample files include client and server programs, configuration files, policy files, and javadoc reference information. Use the sample programs to test and verify your JGSS setup.">Samples: IBM Java Generic Security Service (JGSS)</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="rzahajgssjavadoc.htm" title="The javadoc reference information for IBM JGSS includes classes and methods in the org.ietf.jgss api package and the Java versions of some Kerberos credential management tools.">IBM JGSS javadoc reference information</a></div>
</div>
</div>
</body>
</html>