A few questions:

* In handleS4U2ProxyReferral():
+ sname = new PrincipalName(PrincipalName.KRB_NT_PRINCIPAL, + sname.getNameStrings(), sname.getRealm());
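Review bot: The name type passed to the new PrincipalName is hard-coded to KRB_NT_PRINCIPAL, so whatever type the incoming sname carried is dropped while its name strings and realm are kept. If that is intentional, a short comment above the assignment explaining why would help; otherwise consider passing sname.getNameType() through instead of the constant.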
Why do you use here KRB_NT_PRINCIPAL? Is that the assumption that in AD all services are bound to regular accounts compared to MIT Kerberos?
client1@REALM => HTTP/host@REALM where HTTP/host@REALM is bound to srv$@REALM => postgres/host2@REALM and the transition is done with srv$@REALM?
Michael