We have a 3.1 NAM install that is working fine. As part of the migration
to 3.2 i'm trying to get Kerberos working on a new IDP. I've done all of
the usual things, time is in sync and the logs show a commit succeded.

Using IE8 as a browser I get prompted for credentials, then when they
are entered it states the error - Error processing SPNEGO/Kerberos :
Received NTLM Token which currently is Not supported.

Looking at the IDP log it shows that Authentication method Kerberos
requires additional interaction

Funny thing is that NAM3.1 works fine, and also the 3.2 appliance worked
fine when tested. However the 3.2 application appears to fail.

Has anyone had any issues with 3.2 Kerberos like this with the application?

Commit succeeded -

Config name: /etc/krb5.conf
Debug is true storeKey true useTicketCache true useKeyTab true
doNotPrompt true ticketCache is
/opt/novell/java/jre/lib/security/spnegoTicket.cache isInitiator true
KeyTab is /opt/novell/java/jre/lib/security/nidpkey.keytab
refreshKrb5Config is false principal is
HTTP/xxx515xxx.xxx.xxxxxx@xxx.xxx.xxx.xxx tryFirstPass is false
useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
Principal is HTTP/xxx515xxx.xxx.xxxxxx@xxx.xxx.xxx.xxx
null credentials from Ticket Cache
>>> KeyTabInputStream, readName(): xxx.xxx.xxx.xxx
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): xxx515xxx.xxx.xxxxxx
>>> KeyTab: load() entry length: 68; type: 1
>>> KeyTabInputStream, readName(): xxx.xxx.xxx.xxx
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): xxx515xxx.xxx.xxxxxx
>>> KeyTab: load() entry length: 68; type: 3
>>> KeyTabInputStream, readName(): xxx.xxx.xxx.xxx
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): xxx515xxx.xxx.xxxxxx
>>> KeyTab: load() entry length: 76; type: 23
>>> KeyTabInputStream, readName(): xxx.xxx.xxx.xxx
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): xxx515xxx.xxx.xxxxxx
>>> KeyTab: load() entry length: 92; type: 18
>>> KeyTabInputStream, readName(): xxx.xxx.xxx.xxx
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): xxx515xxx.xxx.xxxxxx
>>> KeyTab: load() entry length: 76; type: 17

Added key: 17version: 18
Found unsupported keytype (18) for HTTP/xxx515xxx.xxx.xxxxxx@xxx.xxx.xxx.xxx
Added key: 23version: 18
Added key: 3version: 18
Added key: 1version: 18
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23 1 3.
>>> KdcAccessibility: reset

Added key: 17version: 18
Found unsupported keytype (18) for HTTP/xxx515xxx.xxx.xxxxxx@xxx.xxx.xxx.xxx
Added key: 23version: 18
Added key: 3version: 18
Added key: 1version: 18
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23 1 3.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23 1 3.
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=xx.xx.xx.xx UDP:88, timeout=30000, number of

retries =3, #bytes=171
>>> KDCCommunication: kdc=xx.xx.xx.xx UDP:88, timeout=30000,Attempt =1,

#bytes=171
>>> KrbKdcReq send: #bytes read=706
>>> KdcAccessibility: remove 10.1.245.16

Added key: 17version: 18
Found unsupported keytype (18) for HTTP/xxx515xxx.xxx.xxxxxx@xxx.xxx.xxx.xxx
Added key: 23version: 18
Added key: 3version: 18
Added key: 1version: 18
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23 1 3.
>>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha 1EType
>>> KrbAsRep cons in KrbAsReq.getReply HTTP/xxx515xxx.xxx.xxxxxx

principal is HTTP/xxx515xxx.xxx.xxxxxx@xxx.xxx.xxx.xxx
Will use keytab
Added key: 17version: 18
Found unsupported keytype (18) for HTTP/xxx515xxx.xxx.xxxxxx@xxx.xxx.xxx.xxx
Added key: 23version: 18
Added key: 3version: 18
Added key: 1version: 18
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23 1 3.
Commit Succeeded