Creating Kerberos principal


Working with Kerberos requires a SPNEGO service ticket to be granted by the Key Distribution Center (KDC). For example, a web browser always requests a key from the KDC in the format HTTP/service.url@REALM.

If Lenses is hosted at lenses-dev.example.com and the realm is EXAMPLE.COM the browser will always ask for a ticket on the principal HTTP/lenses-dev.example.com@EXAMPLE.COM (The realm can usually be omitted as it is part of the system-wide Kerberos settings).

Note: The Kerberos or Active Directory administrator will have to create a principal HTTP/lenses-dev.example.com and provide a password-less keytab to use Lenses with Kerberos authentication.

--
Last modified: May 29, 2023