1 grant {
   2     permission java.util.PropertyPermission "*", "read,write";
   3     permission java.net.SocketPermission "*:*", "listen,resolve,accept,connect";
   4     permission java.io.FilePermission "*", "read,write,delete";
   5     permission java.lang.RuntimePermission "accessDeclaredMembers";
   6     permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
   7     permission java.lang.RuntimePermission "accessClassInPackage.*";
   8     permission javax.security.auth.AuthPermission "doAs";
   9     permission javax.security.auth.AuthPermission "getSubject";
  10     permission javax.security.auth.AuthPermission
  11                     "createLoginContext.server_star";
  12     permission javax.security.auth.AuthPermission
  13                     "createLoginContext.server_multiple_principals";
  14     permission javax.security.auth.AuthPermission "modifyPrincipals";
  15     permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab java.security.Principal \"krb5.keytab.data\"", "read";
  16 
  17     // clients have a permission to use all service principals
  18     permission javax.security.auth.kerberos.ServicePermission "*", "initiate";
  19 
  20     // server has a service permission
  21     // to accept only service1 and service3 principals
  22     permission javax.security.auth.kerberos.ServicePermission
  23                     "host/service1.localhost@TEST.REALM", "accept";
  24     permission javax.security.auth.kerberos.ServicePermission
  25                     "host/service3.localhost@TEST.REALM", "accept";
  26 };