The values of the parameters depend on your use case. If you have a strict Kerberos/SPNEGO-only environment (safest, but all clients and users need to be Kerberos/SPNEGO enabled), then use:
- spnego.prompt.ntlm=false because we only allow Kerberos
- spnego.allow.basic=false because we only allow Kerberos
- spnego.allow.unsecure.basic=false not relevant because spnego.allow.basic=false
If you want to allow additional authentication mechanisms in addition to Kerberos/SPNEGO, then you have to decide which ones: NTLM and/or Basic. NTLM is not supported by this library, so Basic is the only one left.
- spnego.prompt.ntlm=true because we want to allow Basic for non-SPNEGO/NTLM-only clients
- spnego.allow.basic=true because we want to allow Basic for non-SPNEGO clients
- spnego.allow.unsecure.basic=false we force Basic authentication over HTTPS (if you don't do this and set the value to true here, then you transmit your credentials unencrypted and in plaintext; that's not what you want, I guess)
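
A way to check a deployment against the two profiles above, as an added example (not code from the original text or from the library). It assumes the three parameters are supplied as init-param entries in a web.xml-style descriptor; the filter name and class in the sample, the profile names and the severity labels are placeholders chosen here.

```python
import xml.etree.ElementTree as ET

KEYS = NTLM, BASIC, UNSECURE = ("spnego.prompt.ntlm", "spnego.allow.basic",
                                "spnego.allow.unsecure.basic")
# The two combinations described above, as (prompt.ntlm, allow.basic, allow.unsecure.basic)
PROFILES = {(False, False, False): "strict-kerberos",
            (True, True, False): "kerberos+basic-over-https"}

# Constructed sample (not from the page): the risky combination.
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <filter>
    <filter-name>ExampleSpnegoFilter</filter-name>
    <filter-class>example.PlaceholderFilter</filter-class>
    <init-param><param-name>spnego.prompt.ntlm</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>spnego.allow.basic</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>spnego.allow.unsecure.basic</param-name><param-value>true</param-value></init-param>
  </filter>
</web-app>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix

def read_params(xml_text):
    """Return {name: bool} for those of the three flags that are present."""
    params = {}
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) != "init-param":
            continue
        kv = {_local(c.tag): (c.text or "").strip() for c in el}
        if kv.get("param-name") in KEYS:
            params[kv["param-name"]] = kv.get("param-value", "").lower() == "true"
    return params

def audit(params):
    """Return (profile, findings) for a {name: bool} mapping."""
    missing = [k for k in KEYS if k not in params]
    if missing:  # no defaults are assumed here; require explicit values
        return "incomplete", [f"UNSET {k}" for k in missing]
    ntlm, basic, unsecure = (params[k] for k in KEYS)
    findings = []
    if basic and unsecure:
        findings.append("HIGH Basic credentials may be sent over plain HTTP")
    if not basic and unsecure:
        findings.append("INFO unsecure.basic is not relevant while basic is off")
    if ntlm != basic:
        findings.append("WARN prompt.ntlm and allow.basic differ from both profiles")
    return PROFILES.get((ntlm, basic, unsecure), "nonstandard"), findings

if __name__ == "__main__":
    print(audit(read_params(SAMPLE)))
```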