This solution has been tested on a Windows 2003 Domain Controller with Active Directory as the KDC and EP 6.0 SP15. SPNegoLoginModule is delivered by default with SP15; if you need to implement Kerberos in a Portal running < SP15, you have to deploy the spnegoauthlib.sda file.
Step 1: Configuration steps on Domain Controller which is your KDC
1.1. Create a Service user whose password should never expire
1.2. Configuration of the Keytab file
After this step, a file will be generated with the extension .keytab. Now execute this command
Step 2: J2EE Engine configuration for Kerberos (perform these steps where your WebAS JAVA is installed)
2.1 Importing Kerberos Configuration Files to the J2EE Engine. I copied the file to the \usr\sap\EPD folder.
2.2 Create another file krb5.conf in the same folder as follows:-
2.3 Configure J2EE engine properties as:- [Do the same configurations on all the Server nodes]
2.4 UME Configuration [We have used user resolution mode as simple]
2.5 Configuring LoginModule Stacks [Add SPNegoLoginModule to the component Ticket in the Security Provider service in Visual Admin.]
2.6 Create a new policy configuration com.sun.security.jgss.accept and add 2 Login Modules
1. Krb5LoginModule
2. MappingModule
2.7 Login Module(s) in the policy configuration com.sun.security.jgss.accept
1.) Mapping Login Module
2.) Krb5LoginModule
Step 3: Access J2EE Engine with Kerberos Authentication
3.1 Enable Windows Integrated Authentication in your Web browser