The configuration that is used by the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) trust association interceptor (TAI) on each selected application server is governed by various system requirements.
Function item | Description |
---|---|
SPNEGO TAI | The SPNEGO TAI is a server side solution in WebSphere Application Server. Client-side applications are responsible for generating the SPNEGO token for use by the SPNEGO TAI. |
Microsoft Windows | Microsoft Windows Servers with Active Directory domain and its associated Kerberos key distribution center (KDC) is required. For information on the supported Microsoft Windows Servers, see the System Requirements for WebSphere Application Server Version 6.1 on Windows. |
Client application (browser or .NET client) | A browser (client application) or .NET client that supports the SPNEGO authentication mechanism, as defined in IETF RFC 2478 is required. |
Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) | SPNEGO authentication, as defined in IETF RFC 2478 is used. |
Internet browsers |
|
Kerberos Level | Kerberos version 5 is required. |
WebSphere Application Server | Version 6.1 is required. |
Java generic security service (JGSS) | Version 1.0.1 is required. |
Java Virtual Machine (JVM) | See Configuring the JVM for information on configuring JVM. |
Java SDK level | Java 5.0 SDK is required. |
Encryption Types | RC4-HMAC encryption is only supported when using a Windows 2003 Server as Kerberos key distribution center (KDC) and is not supported with a Windows 2000 Server. |