Security Manager
When the security manager has been enabled, in addition to the
SocketPermission
s
needed to communicate with the peer, a TLS client application that uses the Kerberos cipher suites
also needs the following permission.
javax.security.auth.kerberos.ServicePermission(serverPrincipal, "initiate");
where serverPrincipal is the Kerberos principal name of the TLS server that the
TLS client will be communicating with, such as host/mach1.imc.org@IMC.ORG
. A TLS
server application needs the following permission.
javax.security.auth.kerberos.ServicePermission(serverPrincipal, "accept");
where serverPrincipal is the Kerberos principal name of the TLS server, such as
host/mach1.imc.org@IMC.ORG
. If the server or client needs to contact the KDC (for
example, if its credentials are not cached locally), it also needs the following permission.
javax.security.auth.kerberos.ServicePermission(tgtPrincipal, "initiate");
where tgtPrincipal is principal name of the KDC, such as
krbtgt/IMC.ORG@IMC.ORG
.