Tomcat version: 7.0.62
Platform (OS) - CentOS 6.6

Steps I performed:

1) Followed the document
   (http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html) to
   configure Kerberos.
   - I used kinit to verify the keytab and service account, and it shows:

       kinit -V -k -t server.keytab HTTP/serviceaccountname.mycompany....@mycompany.com
       Authenticated to Kerberos v5

2) Configured server.xml to use Active Directory for JNDI.
   Added the following to server.xml between Engine and Realm:

       <Realm className="org.apache.catalina.realm.JNDIRealm"
              connectionURL="ldap://ADServerName:3268"
              authentication="simple"
              referrals="follow"
              connectionName="serviceaccountn...@mycompany.com"
              connectionPassword="ServiceAccountpassword"
              userSearch="(&amp;(objectCategory=person)(sAMAccountName={0}))"
              userBase="dc=mycompany,dc=com"
              userSubtree="true"
              roleSearch="(member={0})"
              roleName="cn"
              roleSubtree="true"
              roleBase="dc=mycompany,dc=com" />

3) Modified web.xml to change the authentication:

       <login-config>
         <auth-method>SPNEGO</auth-method>
         <realm-name>Manager GUI</realm-name>
       </login-config>

       <!-- Security roles referenced by this web application -->
       <security-role>
         <role-name>IIAG_HER_Everyone</role-name>   (this is the AD group name)
       </security-role>

The result is that it is still not able to authenticate. Based on the log, I
don't see Tomcat trying to authenticate using Kerberos. Please advise further.



 

   

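An added example, not part of the original post or of Tomcat's documentation: under the Servlet specification a container only challenges for credentials on URLs covered by a security-constraint that carries an auth-constraint, so this Python check reports whether a web.xml pairs its SPNEGO login-config with one. The sample document is constructed from the fragment in step 3, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the login-config and security-role from step 3,
# wrapped in a minimal web-app element. It has no security-constraint.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <login-config>
    <auth-method>SPNEGO</auth-method>
    <realm-name>Manager GUI</realm-name>
  </login-config>
  <security-role>
    <role-name>IIAG_HER_Everyone</role-name>
  </security-role>
</web-app>"""

def _local(tag):
    """Drop the XML namespace so lookups work with any web-app schema version."""
    return tag.rsplit("}", 1)[-1]

def _texts(root, parent, child):
    """Text of every <child> element found under any <parent> element."""
    return [(c.text or "").strip()
            for p in root.iter() if _local(p.tag) == parent
            for c in p.iter() if _local(c.tag) == child]

def check_web_xml(xml_text):
    """Return a list of findings; an empty list means the pieces line up."""
    root = ET.fromstring(xml_text)
    findings = []
    methods = _texts(root, "login-config", "auth-method")
    if "SPNEGO" not in methods:
        findings.append("login-config auth-method is not SPNEGO: %r" % methods)
    declared = set(_texts(root, "security-role", "role-name"))
    required = set(_texts(root, "auth-constraint", "role-name"))
    patterns = _texts(root, "web-resource-collection", "url-pattern")
    has_auth = any(_local(e.tag) == "auth-constraint" for e in root.iter())
    if not has_auth:
        findings.append("no auth-constraint: no URL requires login, "
                        "so no authentication challenge is sent")
    elif not patterns:
        findings.append("auth-constraint present but no url-pattern is protected")
    for role in sorted(required - declared - {"*"}):
        findings.append("auth-constraint role %r has no security-role entry" % role)
    return findings

if __name__ == "__main__":
    for finding in check_web_xml(SAMPLE_WEB_XML):
        print("FINDING:", finding)
```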