When using Kerberos, jConnect relies on several Java classes that implement the Generic Security Services (GSS) API.
Much of this functionality is provided by the org.ietf.jgss.GSSManager class.
jConnect checks the value of GSSMANAGER_CLASS for a GSSManager class object to use in Kerberos authentication.
If the value of GSSMANAGER_CLASS is set to a string instead of a class object, jConnect uses the string to create an instance of the specified class and uses the new instance in Kerberos authentication.
If the value of GSSMANAGER_CLASS is set to something that is neither a GSSManager class object nor a string, or if jConnect encounters a ClassCastException, jConnect throws a SQLException indicating the problem.
Java allows vendors to provide their own implementations of the GSSManager class.
Examples of vendor-supplied GSSManager implementations are those provided by Wedgetail Communications and CyberSafe Limited. Users can configure a vendor-written GSSManager class to work in a particular Kerberos environment. Vendor-supplied GSSManager classes may also offer more interoperability with Windows than the standard Java GSSManager class provides.
Before using a vendor-supplied implementation of GSSManager, be sure to read the vendor documentation. Vendors use system property settings other than the standard Java system properties used for Kerberos and may locate realm names and key distribution center (KDC) entries without using configuration files.