samba4 & WindowsDesktopSSO

miquel miquel at scytl.com
Wed Oct 2 08:28:28 MDT 2013


We are trying to integrate the OpenAM WindowsDesktopSSO module with Samba4 
Kerberos.

We are creating the keytab on the Samba4 DC following these steps:

samba-tool user create --random-password http-server-hp
samba-tool spn add HTTP/server-hp.testdomain.local@TESTDOMAIN.LOCAL http-server-hp
samba-tool domain exportkeytab /root/as1_2.keytab --principal=HTTP/server-hp.testdomain.local@TESTDOMAIN.LOCAL
samba-tool domain exportkeytab /root/as1_2.keytab --principal=HOST/server-hp.testdomain.local@TESTDOMAIN.LOCAL


But we need to change the OpenAM source code to configure Krb5LoginModule 
with the "isInitiator=false" parameter.


10.1.0-Xpress/openam/openam-authentication/openam-auth-windowsdesktopsso/src/main/java/com/sun/identity/authentication/modules/windowsdesktopsso/WindowsDesktopSSOConfig.java:

             } else {
                 hashmap.put("storeKey", "true");
                 hashmap.put("useKeyTab", "true");
+               hashmap.put("isInitiator", "false");
                 hashmap.put("keyTab", keytab);
                 hashmap.put("doNotPrompt", "true");
                 hashmap.put("refreshKrb5Config", refreshConf);
             }
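Review bot: the new `hashmap.put("isInitiator", "false");` is a hard-coded constant sitting next to `refreshKrb5Config`, which is fed from the `refreshConf` variable; consider exposing it as a module option in the same way so the behaviour can be chosen per deployment without patching the source. The hunk shows only the `else` branch (the keytab path), so if the `if` branch also builds a Krb5LoginModule configuration it may need the same option. For what the hunk does: with `isInitiator` set to false the Krb5LoginModule acts as an acceptor only and does not try to obtain its own TGT for the HTTP/ principal from the keytab, which is consistent with the "Client not found in Kerberos database" error reported when the option is absent.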


Without the "isInitiator" parameter we can't log in and OpenAM shows a "Client not 
found in Kerberos database" error.

Is it correct?
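A check worth running after the two exportkeytab commands above is to confirm that the resulting keytab really contains both the HTTP/ and the HOST/ principals (and which key versions and enctypes), since an acceptor-only Krb5LoginModule can only accept tickets for principals whose keys are in the file. The following script is an added example, not part of the original post or of Samba/OpenAM; it parses the standard version-2 keytab format, which samba-tool domain exportkeytab is assumed to write, and lists missing principals. The sample keytab bytes are constructed in memory (the HOST/ entry is deliberately left out to show the failure case); check_keytab_file() is a hypothetical helper that applies the same check to a real file such as /root/as1_2.keytab.

```python
"""List the principals in a keytab and report expected ones that are missing.
Added example (not from the mailing-list post, Samba or OpenAM); assumes the
keytab is in the standard MIT/Heimdal version-2 format (magic 0x0502)."""
import struct
import sys
from typing import Dict, List, Tuple

KEYTAB_MAGIC = b"\x05\x02"   # version-2 keytab header
KRB5_NT_PRINCIPAL = 1        # name type for service principals


def _read_counted(buf: bytes, pos: int) -> Tuple[bytes, int]:
    """Read a counted octet string: uint16 length followed by the bytes."""
    (length,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    return buf[pos:pos + length], pos + length


def parse_keytab(data: bytes) -> List[Dict]:
    """Return one dict per keytab entry (principal, kvno, enctype, key length)."""
    if data[:2] != KEYTAB_MAGIC:
        raise ValueError("not a version-2 keytab (bad magic %r)" % data[:2])
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)   # int32 entry length
        pos += 4
        if size < 0:                 # negative length = deleted slot, skip it
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        pos += 2
        realm, pos = _read_counted(data, pos)
        comps = []
        for _ in range(ncomp):
            c, pos = _read_counted(data, pos)
            comps.append(c.decode())
        name_type, timestamp, vno8 = struct.unpack_from(">IIB", data, pos)
        pos += 9
        enctype, keylen = struct.unpack_from(">HH", data, pos)
        pos += 4
        key = data[pos:pos + keylen]
        pos += keylen
        kvno = vno8
        if end - pos >= 4:           # optional 32-bit kvno, used when non-zero
            (vno32,) = struct.unpack_from(">I", data, pos)
            if vno32:
                kvno = vno32
        pos = end
        entries.append({"principal": "/".join(comps) + "@" + realm.decode(),
                        "name_type": name_type, "timestamp": timestamp,
                        "kvno": kvno, "enctype": enctype, "key_len": len(key)})
    return entries


def missing_principals(data: bytes, expected: List[str]) -> List[str]:
    """Return the expected principals that have no entry at all in the keytab."""
    present = {e["principal"] for e in parse_keytab(data)}
    return [p for p in expected if p not in present]


def _counted(b: bytes) -> bytes:
    return struct.pack(">H", len(b)) + b


def build_keytab(entries: List[Tuple[str, int, int, bytes]]) -> bytes:
    """Build a version-2 keytab from (principal, kvno, enctype, key) tuples.
    Only used here to construct the offline sample input."""
    out = bytearray(KEYTAB_MAGIC)
    for princ, kvno, enctype, key in entries:
        name, realm = princ.rsplit("@", 1)
        comps = name.split("/")
        body = struct.pack(">H", len(comps)) + _counted(realm.encode())
        for c in comps:
            body += _counted(c.encode())
        body += struct.pack(">IIB", KRB5_NT_PRINCIPAL, 1380700000, kvno & 0xFF)
        body += struct.pack(">HH", enctype, len(key)) + key
        body += struct.pack(">I", kvno)                  # 32-bit kvno
        out += struct.pack(">i", len(body)) + body
    return bytes(out)


# Constructed sample: only the HTTP/ principal was exported (rc4-hmac = 23,
# aes256-cts = 18); the HOST/ entry from the second exportkeytab is absent.
SAMPLE_KEYTAB = build_keytab([
    ("HTTP/server-hp.testdomain.local@TESTDOMAIN.LOCAL", 1, 23, b"\x11" * 16),
    ("HTTP/server-hp.testdomain.local@TESTDOMAIN.LOCAL", 1, 18, b"\x22" * 32),
])
EXPECTED = ["HTTP/server-hp.testdomain.local@TESTDOMAIN.LOCAL",
            "HOST/server-hp.testdomain.local@TESTDOMAIN.LOCAL"]


def check_keytab_file(path: str, expected: List[str] = EXPECTED) -> List[str]:
    """Hypothetical helper: run the check against a real exported keytab."""
    with open(path, "rb") as f:
        return missing_principals(f.read(), expected)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_KEYTAB
    for e in parse_keytab(data):
        print("%-50s kvno=%d enctype=%d" % (e["principal"], e["kvno"], e["enctype"]))
    for p in missing_principals(data, EXPECTED):
        print("MISSING:", p)
```

Run with the path of the exported keytab as the only argument, or with no argument to see the constructed sample report the missing HOST/ principal. The same parser also shows the kvno of each entry, which is useful when a login suddenly fails after the account password was reset on the DC and the keytab still carries the old key version.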


More information about the samba-technical mailing list