Setspn -A HTTP/site kerbuser
for example if I had a website called support.acme.com and an active directory user called john.smith:
setspn -A HTTP/support.acme.com john.smith
Then after that I would run the following command:
ktpass -princ HTTP/site@KERBEROS_DOMAIN(ALL CAPS) -pass password -mapuser user@enviornment -out c:\temp\user.HTTP.keytab
Once everything is setup, in order to login to the website using kerberos credentials through firefox or internet explorer you would need to do the following:
for Internet Explorer:
1.) Join your computer to your kerberos Domain.
2.) login to your pc using a kerberos domain user.
3.) Setup the following for IE:
a.) go to Tools -> Internet Options -> Click on the “Security” tab.
b.) Click on “Local Intranet” and then “Sites”
c.) Then Click on “Advanced”, Enter your site address here and click “Add”, then “Close”
4.) Now you should be able to authenticate to your site using kerberos.
1.) Join your computer to your kerberos domain which is usually your active directory domain.
2.) Login to your pc using a kerberos domain user which is usually your act ive directory users.
3.) In Firefox go to the address bar and enter “about:config” without the quotes.
5.) Then set the following: network.negotiate-auth.using-native-gsslib to true.
5.) Then leave the page and go to your website and you should be able to login.