Thank you for the reply, I filed a defect for Tomcat 7: https://issues.apache.org/bugzilla/show_bug.cgi?id=57022
I managed to pass through the failure by setting useDelegatedCredential=false in the JNDIRealm, but still I think that it is important to find a solution for this, since if it works, it should provide stronger authentication to LDAP (using the delegated credential). I will try to test this with file-based Kerberos credential cache to see if Tomcat/Ldap would be able to find the needed TGT there and succeed with Kerberos auth to LDAP. Regards, Detelin 2014-09-26 1:44 GMT+03:00 Konstantin Kolinko <knst.koli...@gmail.com>: > 2014-09-26 2:24 GMT+04:00 <detelinyorda...@gmail.com>: > > Hello everyone, > > I'm successfully using Tomcat 7.0.55 configured with Spnego > > authentication against Active Directory running Windows 2008 Server and > Java > > 1.7.0.51. However, after switching to Java 1.8.0_20, authentication does > not > > work anymore, Tomcat logs the following error message: > > > > <....> > > > > Tomcat is configured according to the "Windows Authentication How-To" > > document, I'm attaching the krb5.ini, jaas.conf and server.xml that > contains > > the JNDIRealm definition. > > I am seeing only log.txt and server.xml, so at least two other files > are missing. Sending attachments to this mailing list is discouraged, > as the mailing list software is configured to remove ones that it does > not recognize. > > I acknowledge your report as well-written and valid one, so please > file it into Bugzilla. You may upload the files there. > > > Best regards, > Konstantin Kolinko > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >