Permissions for Kerberos authentication
To use Kerberos authentication with the JDBC Client running under a security manager, the application and driver code bases must be granted security permissions in the security policy file of the Java 2 Platform as shown in the following example.
grant codeBase "file:/install_dir /lib/-" {
permission javax.security.auth.AuthPermission "createLoginContext.JDBC_DRIVER_01";
permission javax.security.auth.AuthPermission "doAs";
permission javax.security.auth.kerberos.ServicePermission "krbtgt/your_realm@your_realm", "initiate";
permission javax.security.auth.kerberos.ServicePermission "principal_name /hostname @your_realm ", "initiate";
};
where:
install_dir is the JDBC Client installation directory.
principal_name is the service principal name registered with the Kerberos Key Distribution Center (KDC) that identifies the service.
your_realm is the Kerberos realm (or Windows Domain) to which the OpenAccess SDK Server host machine belongs.
hostname is the host name of the machine running the service.