1 grant {

     2     permission java.util.PropertyPermission "*", "read,write";

     3     permission java.net.SocketPermission "*:*", "listen,resolve,accept,connect";

     4     permission java.io.FilePermission "*", "read,write,delete";

     5     permission java.lang.RuntimePermission "accessDeclaredMembers";

     6     permission java.lang.reflect.ReflectPermission "suppressAccessChecks";

     7     permission java.lang.RuntimePermission "accessClassInPackage.*";

     8     permission javax.security.auth.AuthPermission "doAs";

     9     permission javax.security.auth.AuthPermission "getSubject";

    10     permission javax.security.auth.AuthPermission

    11                     "createLoginContext.server_star";

    12     permission javax.security.auth.AuthPermission

    13                     "createLoginContext.server_multiple_principals";

    14     permission javax.security.auth.AuthPermission "modifyPrincipals";

    15     permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab java.security.Principal \"krb5.keytab.data\"", "read";

    16 

    17     // clients have a permission to use all service principals

    18     permission javax.security.auth.kerberos.ServicePermission "*", "initiate";

    19 

    20     // server has a service permission

    21     // to accept only service1 and service3 principals

    22     permission javax.security.auth.kerberos.ServicePermission

    23                     "host/service1.localhost@TEST.REALM", "accept";

    24     permission javax.security.auth.kerberos.ServicePermission

    25                     "host/service3.localhost@TEST.REALM", "accept";

    26 };