Constructs a
KerberosPrincipal
from the provided string and name type input. The string is assumed to contain a name in the format that is specified in Section 2.1 (Mandatory Name Forms) of
RFC 1964 . Valid name types are specified in Section 6.2 (Principal Names) of
RFC 4120 . The input name must be consistent with the provided name type. (for example,
duke@FOO.COM, is a valid input string for the name type, KRB_NT_PRINCIPAL where
duke represents a principal, and
FOO.COM represents a realm).
If the input name does not contain a realm, the default realm is used. The default realm can be specified either in a Kerberos configuration file or via the java.security.krb5.realm system property. For more information, see the Kerberos Requirements . Additionally, if a security manager is installed, a ServicePermission
must be granted and the service principal of the permission must minimally be inside the KerberosPrincipal
's realm. For example, if the result of new KerberosPrincipal("user")
is user@EXAMPLE.COM
, then a ServicePermission
with service principal host/www.example.com@EXAMPLE.COM
(and any action) must be granted.