Constructs a
KerberosPrincipal
from the provided string and name type input. The string is assumed to contain a name in the format that is specified in Section 2.1 (Mandatory Name Forms) of
RFC 1964 . Valid name types are specified in Section 6.2 (Principal Names) of
RFC 4120 . The input name must be consistent with the provided name type. (for example,
duke@FOO.COM, is a valid input string for the name type, KRB_NT_PRINCIPAL where
duke represents a principal, and
FOO.COM represents a realm).
If the input name does not contain a realm, the default realm is used. The default realm can be specified either in a Kerberos configuration file or via the java.security.krb5.realm
system property. For more information, see the Kerberos Requirements .
Note that when this class or any other Kerberos-related class is initially loaded and initialized, it may read and cache the default realm from the Kerberos configuration file or via the java.security.krb5.realm system property (the value will be empty if no default realm is specified), such that any subsequent calls to set or change the default realm by setting the java.security.krb5.realm system property may be ignored.
Additionally, if a security manager is installed, a ServicePermission
must be granted and the service principal of the permission must minimally be inside the KerberosPrincipal
's realm. For example, if the result of new KerberosPrincipal("user")
is user@EXAMPLE.COM
, then a ServicePermission
with service principal host/www.example.com@EXAMPLE.COM
(and any action) must be granted.