Kerberos is an authentication protocol that allows nodes communicating over a non-secure network to verify their identity in a secure manner. An HTTP client provider can be configured for Kerberos and later referred by name in an HTTP Emit service (XDNHttpEmitAgent) or an AS2 Nonblocking Emit service (XDNAS2EmitAgent).

When a server requires HTTP authentication, it returns one or more WWW-Authenticate headers listing the authentication schemes it can accept. The Authentication Preference parameter of the HTTP client provider defines which schemes take precedence over others. The value is a comma-separated list of authentication scheme names with the most preferred scheme listed first. The default value is:

negotiate,NTLM,Digest,Basic

where:

negotiate

Means SPNEGO and the only SPNEGO scheme implemented is Kerberos.

To disable all of the schemes except Kerberos, set the Authentication Preference parameter to negotiate.

The Kerberos Login Entry parameter of the HTTP client provider specifies the application logon entry in the JAAS configuration file that will be used to logon to Kerberos. This logon entry configures a Kerberos logon module (Krb5LoginModule). The Krb5LoginModule contains numerous options that can be configured in the JAAS configuration file. For more information about the available options for the Krb5LoginModule, see the Javadoc.