ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaha_5.4.0.1/rzahajgssusejaas10.htm

71 lines
5.5 KiB
HTML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="The Kinit and Ktab tools" />
<meta name="abstract" content="Your choice of a JGSS provider determines which tools that you use to obtain Kerberos credentials and secret keys." />
<meta name="description" content="Your choice of a JGSS provider determines which tools that you use to obtain Kerberos credentials and secret keys." />
<meta name="DC.Relation" scheme="URI" content="rzahajgssuse.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssusejaas.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssusejaas20.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssconfigs.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahajgssusejaas10" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>The Kinit and Ktab tools</title>
</head>
<body id="rzahajgssusejaas10"><a name="rzahajgssusejaas10"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">The Kinit and Ktab tools</h1>
<div><p>Your choice of a JGSS provider determines which tools that you
use to obtain Kerberos credentials and secret keys.</p>
<div class="section"><h4 class="sectiontitle">Using the pure Java™ JGSS provider</h4><p>If you are
using the pure Java JGSS provider, use the IBM<sup>®</sup> JGSS Kinit and Ktab tools to obtain
credentials and secret keys. The Kinit and Ktab tools use command-line interfaces
and provide options similar to those offered by other versions.</p>
<ul><li>You can obtain Kerberos credentials by using the Kinit tool. This tool
contacts the Kerberos Distribution Center (KDC) and obtains a ticket-granting
ticket (TGT). The TGT allows you to access other Kerberos-enabled services,
including those that use the GSS-API.</li>
<li>A server can obtain a secret key by using the Ktab tool. JGSS stores the
secret key in the key table file on the server. See the Ktab Java documentation
for more information. </li>
</ul>
<p> Alternatively, your application can use the JAAS Login interface
to obtain TGTs and secret keys. For more information, see the following:</p>
<ul><li><a href="rzahajgssknit.htm#rzahajgssknit">com.ibm.security.krb5.internal.tools Class Kinit</a></li>
<li><a href="rzahajgssktab.htm#rzahajgssktab">com.ibm.security.krb5.internal.tools Class Ktab</a></li>
<li><a href="rzahajgssusejaas20.dita">JAAS login interface</a>.</li>
</ul>
</div>
<div class="section"><h4 class="sectiontitle">Using the native iSeries™ JGSS provider</h4><p>If you
are using the native iSeries JGSS provider, use the Qshell kinit and klist
utilities. For more information, see <a href="../rzahz/kerberos.htm" target="_blank">Utilities for Kerberos credentials and key tables</a>.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahajgssuse.htm" title="The IBM Java Generic Security Service (JGSS) API 1.0 shields secure applications from the complexities and peculiarities of the different underlying security mechanisms. JGSS uses features provided by Java Authentication and Authorization Service (JAAS) and IBM Java Cryptography Extension (JCE).">Running IBM JGSS applications</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzahajgssusejaas.htm" title="The GSS-API does not define a way to get credentials. For this reason, the IBM JGSS Kerberos mechanism requires that the user obtain Kerberos credentials. This topic instructs you on how to obtain Kerberos credentials and create secret keys, and about using JAAS to perform Kerberos logins and authorization checks and review a list of JAAS permissions required by the Java virtual machine (JVM).">Obtaining Kerberos credentials and creating secret keys</a></div>
<div><a href="rzahajgssusejaas20.htm" title="IBM JGSS features a Java Authentication and Authorizaiton Service (JAAS) Kerberos login interface. You can disable this feature by setting the Java property javax.security.auth.useSubjectCredsOnly to false.">JAAS Kerberos login interface</a></div>
<div><a href="rzahajgssconfigs.htm" title="JGSS and JAAS depend on several configuration and policy files. You need to edit these files to conform to your environment and application. If you do not use JAAS with JGSS, you can safely ignore the JAAS configuration and policy files.">Configuration and policy files</a></div>
</div>
</div>
</body>
</html>