Using the Driver : Required Permissions for Java Platform : Permissions for Kerberos Authentication

Permissions for Kerberos Authentication

To use Kerberos authentication, the application and driver code bases must be granted security permissions in the security policy file of the Java Platform as shown in the following code example.

grant codeBase "file:/install_dir/lib/-" {
   permission javax.security.auth.AuthPermission
      "createLoginContext.DDTEK-JDBC";
   permission javax.security.auth.AuthPermission "doAs";
   permission javax.security.auth.kerberos.ServicePermission
      "krbtgt/your_realm@your_realm", "initiate";
   permission javax.security.auth.kerberos.ServicePermission
      "principal_name/db_hostname@your_realm", "initiate";
};

where:

install_dir

is the product installation directory.

your_realm

is the Kerberos realm (or Windows Domain) to which the database host machine belongs.

principal_name

is the service principal name registered with the Key Distribution Center (KDC) that identifies the database service.

db_hostname

is the host name of the machine running the database.