from the provided string and name type input. The string is assumed to contain a name in the format that is specified in Section 2.1 (Mandatory Name Forms) of RFC 1964
. Valid name types are specified in Section 6.2 (Principal Names) of RFC 4120
. The input name must be consistent with the provided name type. (for example, duke@FOO.COM
, is a valid input string for the name type, KRB_NT_PRINCIPAL where duke
represents a principal, and FOO.COM
represents a realm).
If the input name does not contain a realm, the default realm is used. The default realm can be specified either in a Kerberos configuration file or via the java.security.krb5.realm system property. For more information, see the Kerberos Requirements . Additionally, if a security manager is installed, a
ServicePermission must be granted and the service principal of the permission must minimally be inside the
KerberosPrincipal's realm. For example, if the result of
new KerberosPrincipal("user") is
user@EXAMPLE.COM, then a
ServicePermission with service principal
host/www.example.com@EXAMPLE.COM (and any action) must be granted.