Security Manager

When the security manager has been enabled, in addition to the SocketPermissions needed to communicate with the peer, a TLS client application that uses the Kerberos cipher suites also needs the following permission.

javax.security.auth.kerberos.ServicePermission(serverPrincipal, "initiate");

where serverPrincipal is the Kerberos principal name of the TLS server that the TLS client will be communicating with, such as host/mach1.imc.org@IMC.ORG. A TLS server application needs the following permission.

javax.security.auth.kerberos.ServicePermission(serverPrincipal, "accept");

where serverPrincipal is the Kerberos principal name of the TLS server, such as host/mach1.imc.org@IMC.ORG. If the server or client needs to contact the KDC (for example, if its credentials are not cached locally), it also needs the following permission.

javax.security.auth.kerberos.ServicePermission(tgtPrincipal, "initiate");

where tgtPrincipal is principal name of the KDC, such as krbtgt/IMC.ORG@IMC.ORG.