Configuring Security for OpenAccess SDK : Required permissions for the Java 2 platform : Permissions for Kerberos authentication

Permissions for Kerberos authentication

To use Kerberos authentication with the JDBC Client running under a security manager, the application and driver code bases must be granted security permissions in the security policy file of the Java 2 Platform as shown in the following example.

grant codeBase "file:/install_dir/lib/-" {
permission javax.security.auth.AuthPermission "createLoginContext.JDBC_DRIVER_01";
permission javax.security.auth.AuthPermission "doAs";
permission javax.security.auth.kerberos.ServicePermission "krbtgt/your_realm@your_realm", "initiate";
permission javax.security.auth.kerberos.ServicePermission "principal_name/hostname@your_realm", "initiate";
};

where:

install_dir is the JDBC Client installation directory.

principal_name is the service principal name registered with the Kerberos Key Distribution Center (KDC) that identifies the service.

your_realm is the Kerberos realm (or Windows Domain) to which the OpenAccess SDK Server host machine belongs.

hostname is the host name of the machine running the service.