W3cubDocs

Package javax.security.auth.kerberos

package javax.security.auth.kerberos

This package contains utility classes related to the Kerberos network authentication protocol. They do not provide much Kerberos support themselves.

The Kerberos network authentication protocol is defined in RFC 4120. The Java platform contains support for the client side of Kerberos via the org.ietf.jgss package. There might also be a login module that implements LoginModule to authenticate Kerberos principals.

You can provide the name of your default realm and Key Distribution Center (KDC) host for that realm using the system properties java.security.krb5.realm and java.security.krb5.kdc. Both properties must be set. Alternatively, the java.security.krb5.conf system property can be set to the location of an MIT style krb5.conf configuration file. If none of these system properties are set, the krb5.conf file is searched for in an implementation-specific manner. Typically, an implementation will first look for a krb5.conf file in <java-home>/conf/security and failing that, in an OS-specific location.

The krb5.conf file is formatted in the Windows INI file style, which contains a series of relations grouped into different sections. Each relation contains a key and a value, the value can be an arbitrary string or a boolean value. A boolean value can be one of "true", "false", "yes", or "no", and values are case-insensitive.

Since:: 1.4

java.base

Module	Package	Description
javax.security.auth	This package provides a framework for authentication and authorization.
javax.security.auth.callback	This package provides the classes necessary for services to interact with applications in order to retrieve information (authentication data including usernames or passwords, for example) or to display information (error and warning messages, for example).
javax.security.auth.login	This package provides a pluggable authentication framework.
javax.security.auth.spi	This package provides the interface to be used for implementing pluggable authentication modules.
javax.security.auth.x500	This package contains the classes that should be used to store X500 Principal and X500 Private Credentials in a Subject.

Class	Description
DelegationPermission	This class is used to restrict the usage of the Kerberos delegation model, ie: forwardable and proxiable tickets.
EncryptionKey	This class encapsulates an EncryptionKey used in Kerberos.
KerberosCredMessage	This class encapsulates a Kerberos 5 KRB_CRED message which can be used to send Kerberos credentials from one principal to another.
KerberosKey	This class encapsulates a long term secret key for a Kerberos principal.
KerberosPrincipal	This class encapsulates a Kerberos principal.
KerberosTicket	This class encapsulates a Kerberos ticket and associated information as viewed from the client's point of view.
KeyTab	This class encapsulates a keytab file.
ServicePermission	This class is used to protect Kerberos services and the credentials necessary to access those services.

© 1993, 2023, Oracle and/or its affiliates. All rights reserved.
Documentation extracted from Debian's OpenJDK Development Kit package.
Licensed under the GNU General Public License, version 2, with the Classpath Exception.
Various third party code in OpenJDK is licensed under different licenses (see Debian package).
Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
https://docs.oracle.com/en/java/javase/21/docs/api/java.security.jgss/javax/security/auth/kerberos/package-summary.html