Hi Alan.Waggott, Appriciate your response.
We were using DLP version 14.6 and AD authentication was working and now we upgraded to 15.1 and still AD authentication is working butt the problem is that if I remove or rename our krb5.ini file, AD authentication should break as there is no krb5.ini file exist. here I am experiencing that if krb5.ini file which holds the AD information is not present but why I am still able to use my AD credentials.
Reply to your questions is in italic
Have you checked C:\SymantecDLP\Protect\config\krb5.ini to see if the KRB is in there?
(No (Deleted as I am testing that from where I am getting authenticated) )
When you say you are being prompted for AD authentication do you mean when you log into the Enforce Console?
Yes (AD Authentication is in place, but I am trying to break for my test)
Does the original Administrator account still exsist in your enforce user list?
Yes
Where did you remove the KRB file from you should only need to remove it from the location in the SpringSecurityContext.xml file which if you followed the documentation should be in c:\windows
I removed krb5.ini file from the location it was placed and also remove the file location entry in SpringSecurityContext.xml (Still when I open Console it accepts AD accounts with AD passwords)
If you have done all of this then it maybe worth renaming the SpringSecurityContext.xml to SpringSecurityContext.old and then dropping the file in that I have attached, it is the original .xml file
When I drop your file it breaks the authentication but this is original file and I believe its the same as in template file springSecurityContext-Form.xml but I need to use "springSecurityContext-Kerberos.xml" and rename this file as "SpringSecurityContext.xml" where I can provide my krb5.ini location.
can you point me I am mistaking something here in template files?
Thanks you.