Hi Andrei,Thanks for reply. Kerberos setup is native in microsoft. The way they are setting service principal in AD is not the same as MIT Krb5 that Colm laid out in his blog - I personally believe MIT way is pretty straight forward and clear. So steps in Colm's blog are not enough to get it working with Microsoft AD as KDC. On top Microsoft adding their own PAC part to the ticket which it seems adding issues to ticket validation - am not sure about it yet. There must be couple tricks and tweaks in spn setup; I'm still digging in and will share if I can find it. I was just checking and hoping somebody tried MS Krb5 implementation and have it working with WSS4J/CXF. It seems the answer is no, at least in CXF community. Regards,Sin
-- View this message in context: http://cxf.547215.n5.nabble.com/CXF-WSS4J-Kerberos-using-Microsoft-AD-as-KDC-tp5734586p5734769.html Sent from the cxf-user mailing list archive at Nabble.com.
