Dear experts!
We've found that SPNego Wizard available directly by URL http://<hostname>:port/spnego and not restricted by password.
Everybody who has user account even without any roles and permissions, only by entering the password can access wizard page and
make any changes, for example delete reams or Keytab certificate.
Could you advice us how to close this hole?