0 Replies Latest reply on Nov 20, 2011 11:05 AM by ivankychung

    JBossNegotiation -- Why does the server need to authenticate to the KDC at runtime?

    ivankychung

      Dear all:

       

      I successfully configured a JBoss 5.1 server with JBossNegotiation to authenticate clients using Kerberos against AD. By trial and error, I found out that only JBossNegotiation 2.0.4GA can work with JBoss 5.1 against Windows Server 2008.

       

      One thing that I don't understand is why the server needs to authenticate to the KDC for every client login. The JBoss server already has a keytab file which contains the server's secret key, which should be sufficient to decrypt the client ticket?

       

      Also, according to the diagram http://en.wikipedia.org/wiki/File:Kerberos.png, there is no connection between the application server and the KDC.

       

      I would appreciate it if anyone can answer.

       

      Regards

      Ivan Chung