I’m just curious as to what the core issue here is – I am able to perform GSSAPI via SPNEGO to authenticate myself via Kerberos to a Linux webserver joined to my Active Directory domain via Firefox without making any changes – why is the Java implementation for Spark unable to get a service ticket without the hack?
Using native API calls you can request service tickets without needing direct access to the TGT. Java implements GSSAPI fully in Java, and thus needs direct access. Sun has released native library support for GSSAPI in Java for Solaris and Linux, but not for other OS’s (yet?).