The JAAS Login Configuration File

The Java Authentication and Authorization Service (JAAS) login configuration file contains one or more entries that specify authentication technologies to be used by applications. To establish Kerberos connections with the driver, the login configuration file must be referenced either by setting the java.security.auth.login.config system property or by setting up a default configuration using the Java security properties file. In addition, the login configuration file must include an entry for the driver. (See "Configuring the Driver for Kerberos Authentication" for details.)

You can create your own JAAS login configuration file, or you can use the JDBCDriverLogin.conf file installed with the driver. This file is installed in the /lib directory of the product installation directory. In either case, the login configuration file must include an entry that specifies the authentication technology to be used by the driver to establish a Kerberos connection.

JAAS login configuration file entries begin with an entry name followed by one or more LoginModule items. Each LoginModule item contains information that is passed to the LoginModule. A login configuration file entry takes the following form.

entry_name {
  login_module flag_value module_options
};

The following examples show that the LoginModule used for a Kerberos implementation depends on your JRE.

Oracle JRE

JDBC_DRIVER_01 {
  com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;
};

IBM JRE

JDBC_DRIVER_01 {
  com.ibm.security.auth.module.Krb5LoginModule required useDefaultCcache=true;
};

Refer to Java Authentication and Authorization Service documentation for information about the JAAS login configuration file and implementing authentication technologies.