I am trying to get the SPNEGO sample (http://blog.springsource.org/2009/09...rity-kerberos/) up and running, but when I try to run the project I get the below error.
Code:
Caused by: java.lang.IllegalArgumentException: Could not load configuration from SCDynamicStore
	at javax.security.auth.kerberos.KerberosPrincipal.<init>(KerberosPrincipal.java:108)
	at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator.afterPropertiesSet(SunJaasKerberosTicketValidator.java:122)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1477)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1417)
As well as this error:

Code:
java[14113:f603] Unable to load realm info from SCDynamicStore
I think I have to set up my domain information somewhere. I don't quite know how to do this. I saw this in the comments but I am not clear on how to go about doing so:
Here's what worked for me (it took me 2.5 days to sort this out!).

1. Use Mike's config exactly as it is (except, obviously, changing domain names, etc) especially wrt capitalisation and using FQDN.
2. Use Mike's example of ktpass exactly as it is. You can specify /ptype KRB5_NT_PRINCIPAL if you like, but trying any value for /crypto just didn't work for me.
3. Set up the Java System properties java.security.krb5.kdc AND java.security.krb5.realm to be the fully-qualified name of your Domain Controller and your domain (fully-qualified) in captials.
4. Make sure Internet Explorer in your client thinks that the server is in its Intranet! Don't use the server as a client!
5. For your Service Principal and any users you want to authenticate, in the Account options, disable 'Use Kerberos DES…', enable 'This account supports Kerberos AES 128 bit…', enable 'This account supports Kerberos AES 256 bit…' and disable 'Do not require Kerberos preauthentication'.
6. If you are outside the US, you may need to download the full support for AES 256-bit encryption. Look it up.

In the test system I set up, the domain was vbis.security.local. The Windows Server 2008 machine was called chekov. So the values for the properties were:

java.security.krb5.kdc=chekov.vbis.security.local
java.security.krb5.realm=VBIS.SECURITY.LOCAL
Any help would be greatly appreciated.