Kantega SSO Enterprise allow you to authenticate REST clients with Kerberos. The feature is disabled by default as it can interfere with existing integration. Note that you can specify URL paths, IP ranges and user agents to restrict Kerberos from triggering in unwanted situations.

The screenshot below shows you where to enable and configure Kerberos for REST, and the syntax for defining excluded URL paths.

See also how some user agents are excluded from getting Kerberos challenges.