Tomcat SPNEGO authentication against Active Directory not working.
Posted by Michael on Server Fault
Published on 2010-03-25T13:03:54Z
I'm trying to authenticate against AD using the http://spnego.sourceforge.net component with Tomcat.
I've created my SPNs: "setspn.exe -A HTTP/servername SVCTomcat" & "setspn.exe -A HTTP/servername.fqdn.net SVCTomcat"
I've created my krb5.conf & login.conf files and set up the filter in the web.xml, i.e.
<filter>
    <filter-name>SpnegoHttpFilter</filter-name>
    <filter-class>net.sourceforge.spnego.SpnegoHttpFilter</filter-class>
    <init-param>
        <param-name>spnego.allow.unsecure.basic</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param>
        <param-name>spnego.login.client.module</param-name>
        <param-value>spnego-client</param-value>
    </init-param>
    <init-param>
        <param-name>spnego.krb5.conf</param-name>
        <param-value>krb5.conf</param-value>
    </init-param>
    <init-param>
        <param-name>spnego.login.conf</param-name>
        <param-value>login.conf</param-value>
    </init-param>
    <init-param>
        <param-name>spnego.preauth.username</param-name>
        <param-value>SVCTomcat</param-value>
    </init-param>
    <init-param>
        <param-name>spnego.preauth.password</param-name>
        <param-value>Pasword</param-value>
    </init-param>
    <init-param>
        <param-name>spnego.login.server.module</param-name>
        <param-value>spnego-server</param-value>
    </init-param>
    <init-param>
        <param-name>spnego.prompt.ntlm</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param>
        <param-name>spnego.logger.level</param-name>
        <param-value>2</param-value>
    </init-param>
</filter>
Note I've stripped extraneous tags from this, so it's not the actual XML.
When I go to a page protected by this filter I get this in the catalina logfile:
25-Mar-2010 12:41:26 org.apache.catalina.startup.Catalina start
INFO: Server startup in 4615 ms
25-Mar-2010 12:41:47 net.sourceforge.spnego.SpnegoHttpFilter doFilter
FINE: principal=SYSTEM@TESTDOMAIN
And in the hello_spnego.jsp example on the website it just reports the name of the user Tomcat is running as (SYSTEM), not the user I'm connecting with.
It seems the author stopped halfway through his debugging page, so I've no areas to look in other than to triple check my config.
Any ideas?
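One check worth running when a SPNEGO filter logs an unexpected principal is to look at what the browser actually sent in its Authorization: Negotiate header: a bare NTLMSSP message, a SPNEGO NegTokenInit that offers a Kerberos mechanism, or a SPNEGO token that only offers NTLM (which a filter with spnego.prompt.ntlm=false will not negotiate). The helper below is an added example, not code from the question or from the spnego.sourceforge.net project. It decodes the header, walks the GSS-API framing (0x60 tag, DER length, mechanism OID) and reports which mechanism family it carries. The sample headers are constructed inline and abbreviated; they are not captured from the poster's setup, and the NegTokenInit samples are not complete ASN.1 structures, only enough to exercise the OID checks.

```python
import base64

# DER encodings of the mechanism OIDs (tag 0x06 + length + contents)
OID_SPNEGO = bytes.fromhex("06062b0601050502")           # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")       # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")    # 1.2.840.48018.1.2.2 (Microsoft Kerberos)
OID_NTLMSSP = bytes.fromhex("060a2b06010401823702020a")  # 1.3.6.1.4.1.311.2.2.10


def _der_length(buf, idx):
    """Parse a DER length at buf[idx]; return (length, index of first content byte)."""
    first = buf[idx]
    if first < 0x80:
        return first, idx + 1
    n = first & 0x7F
    return int.from_bytes(buf[idx + 1:idx + 1 + n], "big"), idx + 1 + n


def classify_negotiate_token(header_value):
    """Classify an Authorization header value by the GSS mechanism its token carries."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        return "not-negotiate"
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "invalid-base64"
    if raw.startswith(b"NTLMSSP\x00"):
        return "ntlm-raw"  # bare NTLMSSP message with no GSS-API framing at all
    if not raw or raw[0] != 0x60:  # [APPLICATION 0] InitialContextToken
        return "unknown"
    try:
        _, idx = _der_length(raw, 1)
    except IndexError:
        return "truncated"
    body = raw[idx:]
    if body.startswith(OID_KRB5) or body.startswith(OID_MS_KRB5):
        return "kerberos-raw"  # Kerberos AP-REQ sent without the SPNEGO wrapper
    if not body.startswith(OID_SPNEGO):
        return "unknown-gssapi-mech"
    # NegTokenInit: the mechTypes list tells us what the client can actually do
    if OID_KRB5 in body or OID_MS_KRB5 in body:
        return "spnego-kerberos"
    if OID_NTLMSSP in body:
        return "spnego-ntlm-only"  # client had no service ticket and fell back to NTLM
    return "spnego-other"


def _gss_frame(body):
    """Wrap body in the GSS-API InitialContextToken framing (short-form length, < 128 bytes)."""
    return b"\x60" + bytes([len(body)]) + body


def _constructed_spnego(mech_oids):
    """Constructed, abbreviated NegTokenInit: SPNEGO OID + [0] SEQUENCE OF mechanism OIDs."""
    oids = b"".join(mech_oids)
    seq = b"\x30" + bytes([len(oids)]) + oids
    return _gss_frame(OID_SPNEGO + b"\xa0" + bytes([len(seq)]) + seq)


# Constructed sample headers (hypothetical values, not real captures)
SAMPLE_NTLM_RAW = "Negotiate " + base64.b64encode(
    b"NTLMSSP\x00\x01\x00\x00\x00\x07\x82\x08\xa2").decode()
SAMPLE_SPNEGO_KRB5 = "Negotiate " + base64.b64encode(
    _constructed_spnego([OID_MS_KRB5, OID_KRB5, OID_NTLMSSP])).decode()
SAMPLE_SPNEGO_NTLM = "Negotiate " + base64.b64encode(
    _constructed_spnego([OID_NTLMSSP])).decode()
SAMPLE_KRB5_RAW = "Negotiate " + base64.b64encode(
    _gss_frame(OID_KRB5 + b"\x01\x00")).decode()
SAMPLE_BASIC = "Basic dXNlcjpwYXNz"


if __name__ == "__main__":
    for name, header in [("ntlm raw", SAMPLE_NTLM_RAW), ("spnego krb5", SAMPLE_SPNEGO_KRB5),
                         ("spnego ntlm", SAMPLE_SPNEGO_NTLM), ("krb5 raw", SAMPLE_KRB5_RAW),
                         ("basic", SAMPLE_BASIC)]:
        print(f"{name:12s} -> {classify_negotiate_token(header)}")
```

Feed it the Authorization header copied from the browser's developer tools or from a Tomcat access log with `%{Authorization}i` enabled. A result of "spnego-ntlm-only" or "ntlm-raw" means the client never obtained a Kerberos ticket for the HTTP/servername SPN, so the filter has nothing Kerberos-shaped to validate regardless of how the server side is configured.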