How to use Spring Security Kerberos from developer machine

[dsprowls]

I am new to Kerberos, having used NTLM in the past; so, I apologize if this is trivial.

Based on Mike's blog, http://blog.springsource.com/2009/09...rity-kerberos/, it appears that I have to create a SPN with the url for my application.

Let's assume my production URL will be myapp.mycompany.com. Once I have the SPN created and the keystore for this URL, I would like to be able to configure and test everything from my local machine; however, it is my understanding that I must use the URL myapp.mycompany.com in my browser or else it will fail.

Would editing my hosts file and pointing myapp.mycompany.com to my local ip address allow me to run the web application on my local machine to test the Kerberos authentication?

If that will not work, is there any other option that does not require having a SPN defined for each developer machine?

Thanks!

[mikewiesner]

You are right, the URL you enter must match the one which is part of the SPN. Additional, if you are using a Windows machine, you cannot test it if client and server runs on the same machine, regardless if you change your name resolution. Windows will not use Kerberos in this situation. Besides this, changing the name resolution should work.