krb5.support.alt.identities
This configuration parameter specifies whether the agent authenticates users with the Kerberos altSecurityIdentities name instead of the Windows user name (true) or not (false), regardless of which names are supplied.
Using altSecurityIdentities for authentication works as long as the alternate name is always used or the passwords are synchronized, and if the third-party key distribution center (KDC) is reachable. If these two conditions aren’t met, you can disable the feature by setting this parameter to false. In that case, the agent uses only Windows to authenticate the user and ignores any Kerberos altSecurityIdentities.
For example:
krb5.support.alt.identities: false
If this parameter is not defined in the configuration file, its default value is true.