View the latest documentation 5.3
Working with Kerberos requires a SPNEGO service ticket to be granted by the Key Distribution Center (KDC).
For example, a web browser always requests a key from the KDC in the format HTTP/service.url@REALM.
If Lenses is hosted at lenses-dev.example.com and the realm is EXAMPLE.COM the browser will always ask for a ticket
on the principal HTTP/lenses-dev.example.com@EXAMPLE.COM (The realm can usually be omitted as it is part of the
system-wide Kerberos settings).
The Kerberos or Active Directory administrator will have to create a principal HTTP/lenses-dev.example.com and
provide a password-less keytab to use Lenses with Kerberos authentication.