Make sure that you have set up accounts in Active Directory for your user principals (the users) and service principals (the accounts that represent your database servers). Your user principals and service principals should both be created as 'Users' within Active Directory.
If you intend to use the Java reference GSS Manager implementation, you must use DES encryption for both user and service principals.
Right-click on the specific user principal or service principal name in the Active Directory Users list.
Select Properties.
Click the Account tab. The Account Options list appears.
For both the user principal and service principal, specify that DES encryption types should be used.
If you plan to use the Java reference implementation to set up an SSO environment, you may need to modify the Windows Registry according to instructions specified at the Microsoft support site.
On Windows, the Kerberos configuration file is called krb5.ini. Java looks for krb5.ini by default at C:\WINNT\krb5.ini. Java allows you to specify the location of this file. The format of krb5.ini is identical to that of krb5.conf.
For examples of the krb5.conf file, see white paper on setting up Kerberos. The URL for this document can be found in the jConnect for JDBC Release Bulletin.
For more information on Kerberos for Microsoft Active Directory, see the Microsoft Developer Network.
Setting DES encryption