Kerberos connection using HTTP Client

Question

I\'m writing HTTP connection with Kerberos authentication. I have \"HTTP/1.1 401 Unauthorized\". Could you recommend me what I should check? I think there\'s somethink trick, bu

Answer 1

SPNEGO will not work because you use localhost as URL hostname.

Your server is configured for a set of SPNs (or at least one) beginning with HTTP/ registered on the ActiveDirectory service account. You can query them from AD thanks to setspn -l yourServiceAccount.

Your URL must use an effective server hostname known as SPN in ActiveDirectory so that Apache Http Client can negotiate a TGS for this service and send it to your server.