Although use of SPNEGO authentication for browser-based SSO is a very common motivation for integrating Kerberos with Spring Security, it may be that you want to simply use Kerberos login itself as an
AuthenticationProvider mechanism (similar to the way that LDAP bind authentication works—refer to Chapter 9 for details on this).
The benefit of configuring Kerberos authentication in this way is that we can seamlessly support Kerberos authenticated users alongside users authenticated using other
AuthenticationProviders (LDAP, JDBC, and so on.).
If you are trying out this exercise, make sure to remove the configurations we performed in the first section of this chapter – most importantly, the
SpnegoEntryPoint must ...