Dear all:
I successfully configured a JBoss 5.1 server with JBossNegotiation to authenticate clients using Kerberos against AD. By trial and error, I found out that only JBossNegotiation 2.0.4GA can work with JBoss 5.1 against Windows Server 2008.
One thing that I don't understand is why the server needs to authenticate to the KDC for every client login. The JBoss server already has a keytab file which contains the server secret key, which should be sufficient to decrypt the client ticket?
Also, according to the diagram http://en.wikipedia.org/wiki/File:Kerberos.png, there is no connection between the application server and the KDC.
It would be appreciated if anyone can answer.
Regards
Ivan Chung