SPNEGO with Geronimo requires three machines: a client machine, a server machine, and a Microsoft Active Directory domain controller. The client and server machines should be part of the Active Directory domain.
Setting up the Active Directory Domain Controller
- Create a user in Active Directory. Make sure the user you create is unique and is not listed under Computers or Domain Controllers. In our case we created a user called testuser with the password testuser123.
- Map the service principal name to the user account you created in the previous step. A service principal name (SPN) has the form HTTP/<Fully_Qualified_Host_Name>. In our case the SPN is HTTP/test.xyz.com. Run the following command to map the SPN to the user account:
C:\Program Files\Support Tools>setspn -A HTTP/test.xyz.com testuser
- The next step is to create a keytab file. Run the following command:
C:\Program Files\Support Tools>ktpass -out c:\winnt\krb5.keytab -princ HTTP/test.xyz.com@XYZ.COM -mapUser testuser -mapOp set -pass testuser123 -crypto RC4-HMAC-NT -pType KRB5_NT_PRINCIPAL
With this step we are done with setting up the Active Directory domain controller machine.