Upgrading Novell Access Manager from 3.0.4 to 3.1 will break the Kerberos authentication service

  • 7003228
  • 07-May-2009
  • 26-Apr-2012

Environment

Novell Access Manager 3.0.4
Novell Access Manager 3.1
Kerberos Authentication has been configured

Situation

  • After upgrading Novell Access Manager 3.0 Service Pack 4 to Novell Access Manager 3.1, Kerberos authentication fails and users receive the warning "Received NTLM Token which currently is Not supported"
  • No other changes have been applied to the Novell Access Manager configuration
  • A LAN trace shows that the Novell Identity Provider (NIDP) does not send any Kerberos request to the configured KDC server

Resolution

The structure of the "bcsLogin.conf" file used to configure JAAS for Kerberos authentication has changed, because the JDK shipped with the product moved from "novell-j2sdk-1.4.2_12-1" to "novell-jdk-1.6.0_07-1". The upgrade process from NAM 3.0.4 to NAM 3.1 does not take care of this change, so the existing file is left with the old "other" login entry name and Kerberos authentication is broken: no Kerberos login entry is found, which is why the NIDP never sends a request to the KDC. The only difference between the two files is the name of the login entry, as shown below.

NAM 3.0.4 bcsLogin.conf
====================================================================
other {
com.sun.security.auth.module.Krb5LoginModule required
debug="true"
useTicketCache="true"
ticketCache="/opt/novell/java/jre/lib/security/spnegoTicket.cache"
doNotPrompt="true"
principal="HTTP/amser.provo.novell.com@AD.NOVELL.COM"
useKeyTab="true"
keyTab="/opt/novell/java/jre/lib/security/nidpkey.keytab"
storeKey="true";
};
====================================================================


NAM 3.1 bcsLogin.conf
====================================================================
com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule required
debug="true"
useTicketCache="true"
ticketCache="/opt/novell/java/jre/lib/security/spnegoTicket.cache"
doNotPrompt="true"
principal="HTTP/amser.provo.novell.com@AD.NOVELL.COM"
useKeyTab="true"
keyTab="/opt/novell/java/jre/lib/security/nidpkey.keytab"
storeKey="true";
};
====================================================================

Apply the new "bcsLogin.conf" in the "/opt/novell/java/jre/lib/security" directory and restart the NIDP server with "/etc/init.d/novell-tomcat5 restart".
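As an added example (not Novell's own tooling), the following script checks whether an existing bcsLogin.conf still carries the NAM 3.0.4 "other" entry and rewrites it to the NAM 3.1 "com.sun.security.jgss.accept" entry while leaving the Krb5LoginModule options untouched. The JAAS parser is a simplified one written for this check, and the sample file is the 3.0.4 configuration quoted above, embedded inline.

```python
import re

# Constructed sample: the NAM 3.0.4-style bcsLogin.conf from this article.
OLD_CONF = """other {
com.sun.security.auth.module.Krb5LoginModule required
debug="true"
useTicketCache="true"
ticketCache="/opt/novell/java/jre/lib/security/spnegoTicket.cache"
doNotPrompt="true"
principal="HTTP/amser.provo.novell.com@AD.NOVELL.COM"
useKeyTab="true"
keyTab="/opt/novell/java/jre/lib/security/nidpkey.keytab"
storeKey="true";
};
"""

ACCEPT_ENTRY = "com.sun.security.jgss.accept"  # entry the NAM 3.1 JDK looks up

def parse_jaas(text):
    """Simplified JAAS parser: {entry: [(module, flag, {option: value}), ...]}."""
    entries = {}
    # An entry looks like:  name { module flag opt="val" ... ; [more modules;] };
    for m in re.finditer(r'(\S+)\s*\{(.*?)\}\s*;', text, re.S):
        name, body = m.group(1), m.group(2)
        modules = []
        for stanza in filter(str.strip, body.split(';')):
            tokens = stanza.split()
            module, flag = tokens[0], tokens[1].lower()
            opts = dict(re.findall(r'(\w+)\s*=\s*"?([^"\s]*)"?', ' '.join(tokens[2:])))
            modules.append((module, flag, opts))
        entries[name] = modules
    return entries

def check_nam31(text):
    """Return a list of problems; an empty list means the NAM 3.1 layout is in place."""
    entries = parse_jaas(text)
    problems = []
    if ACCEPT_ENTRY not in entries:
        problems.append('missing "%s" entry' % ACCEPT_ENTRY)
        if "other" in entries:
            problems.append('pre-3.1 "other" entry found: rename it to "%s"' % ACCEPT_ENTRY)
        return problems
    for module, flag, opts in entries[ACCEPT_ENTRY]:
        if module.endswith("Krb5LoginModule"):
            for key in ("principal", "keyTab"):
                if not opts.get(key):
                    problems.append("Krb5LoginModule lacks %s" % key)
            if opts.get("useKeyTab") != "true" or opts.get("storeKey") != "true":
                problems.append("useKeyTab and storeKey must both be true for a service acceptor")
    return problems

def migrate(text):
    """Rename the 3.0.4 "other" entry; every option line is kept as-is."""
    return re.sub(r'^\s*other\s*\{', ACCEPT_ENTRY + ' {', text, count=1, flags=re.M)
```

Run check_nam31 on the deployed file after the upgrade; a non-empty result reproduces the "no Kerberos request to the KDC" state before users hit the NTLM warning.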