This README file provides information about the IBM
JavaTM
Generic Security Services Application Programming Interface (JGSS) 1.0.1
· Notices
The JavaTM Generic Security Services API (JGSS), is standardized by the Internet
Engineering Task Force (IETF) and adopted by the X/Open Group, and provides a generic
authentication and secure messaging interface under which can be plugged actual
security mechanisms. Such a mechanism may be based on secret-key or public-key
or other security technologies.
By abstracting the complexity and peculiarities of the many underlying security mechanisms to a simple, standardized interface, JGSS provides a huge benefit to the development of secure networking applications: develop the application to the single abstract interface and use it over different security mechanisms without modification.
IBM JGSS
comprises a GSSAPI framework together with a Kerberos V5 mechanism as the
default underlying security system, as well as a SPNEGO mechanism
for negotiating a common security mechanism between two parites. . It also features
a JavaTM Authentication And
Authorization Service (JAAS) LoginModule for creating and using Kerberos
credentials. In addition, it performs JAAS authorization checks on the use of
those credentials. These JAAS features are optional and may be turned off by
setting the JavaTM property
javax.security.authn.useSubjectCredsOnly to false in the JavaTM Virtual Machine (JVM).
The following documents are provided in the product package and may be consulted for additional information:
1. IBM JGSS Application Developer's Guide: for information on secure application development using IBM JGSS
1. IBM JGSS Security Mechanism
Programmer's Guide: for information on
the development of a security mechanism to be plugged under the IBM JGSS
framework
2. IBM JGSS User's Guide: for help on running IBM JGSS applications.
3. IBM SPNEGO Provider Read Me: for additional information on SPNEGO.
Consult the documentation accompanying the sample programs for information on how to run the samples.
For Java™ GSSAPI specification, consult the Internet Engineering Task Force (IETF) RFC 2743 Generic Security Services Application Programming Interface Version2, Update 1 and RFC 2853 Generic Security Service API Version 2: Java Bindings
IBM JGSS ships as a compressed archive containing the following components:
|
jre\lib\ext\ibmjgssprovider.jar |
The product’s class files |
|
j |
The |
|
docs\jgss\jgssdoc.jar |
The
Java™ docs for the APIs |
|
docs\jgss |
This
readme file, |
|
sample\jgss |
The
class files that make up the sample programs |
|
sample\jgss\config\ |
Sample
configuration files for Kerberos and JAAS |
|
sample\jgss\readme.jgss.ibm.html |
R |
The product is
packaged to ease the installation of Place the
product jar file ibmjgssprovider.jar in your Java™ extensions directory
(<jdk>\jre\lib\ext). Alternatively, you may install the jar file in a
directory of your
choice and set your classpath to include the jar file. For example, if you
placed the jar file in the directory c:\ibmjgss\jar, then your classpath will
be c:\ibmjgss\jar\ibmjgssprovider.jar;%classpath%. See SPNEGO readme file for
SPNEGO installation and configuration information.
IBM JGSS uses cryptographic and
security services not included in the ibmjgssprovider.jar file. These services
are provided by the IBM JCE Provider packagejar files supplied in
the IBM JGSS product package. You must obtain this package separately from IBM Java™ Information Manager (JIM). Place the Provider jarse
jar files in your Java™ extensions directory (<%jdk>%\jre\lib\ext).)
directory. Also, sun.security.provider.Sun and com.ibm.crypto.provider.IBMJCE
must be listed respectively as the number one and two security providers in the
java.security file which is typically located in the <%jdk>%\jre\lib\security
directory of your Java™ JDK installation.
IBM JGSS
requires Java™ Development Toolkit (JDK) 1.3 or later. Java™ Authentication And
Authorization Service (JAAS) 1.0.1 is also required for running applications
that leverage JGSS runtime JAAS features. Furthermore, JAAS 1.0.1 is
required for JGSS application development regardless of whether the application
will use the JAAS features of JGSS.
This edition applies to Java Generic Security Services Application Programming Interface (JGSS) and to all subsequent releases and modifications until otherwise indicated in new editions.
Copyright International Business Machines Corporation 2001. All rights reserved.
Note to U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the users responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:
IBM
Director of Licensing IBM Corporation
North Castle Drive Armonk, NY 10504-1758 U.S.A.
For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:
IBM
World Trade Asia Corporation Licensing
2-31 Roppongi 3-chome, Minato-ku
Tokyo 106-0032, Japan
The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law:
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the information. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this information at any time without notice.
Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose of enabling (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:
JTCMAIL@uk.ibm.com
[Hursley Java Technology Center (JTC) contact]
Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.
The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.
Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurement may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
IBM is a trademark of International Business Machines Corporation in the U.S., or other countries, or both.
Java is a trademark of Sun Microsystems, Inc. in the U.S. and other countries. The Java technology is owned and exclusively licensed by Sun Microsystems, Inc.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
Other company, product, and service names may be trademarks or service marks of others.
THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IBM DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE AND MERCHANTABILITY WITH RESPECT TO THE INFORMATION IN THIS DOCUMENT. BY FURNISHING THIS DOCUMENT, IBM GRANTS NO LICENSES TO ANY PATENTS OR COPYRIGHTS.
(c) Copyright IBM Corporation, 2000. All rights reserved.
(c) Copyright 1997, 1999 Sun
Microsystems, Inc.
901 San Antonio Rd., Palo Alto, CA 94303 USA.
All rights reserved.