Fix proxy canonical override

Author: renaudhartert-db

NEXT_CHANGELOG.md

@@ -6,6 +6,8 @@
 
 ### Bug Fixes
 
+* Fix proxy SPNego authentication to respect krb5.conf canonicalization settings instead of forcing hostname canonicalization. The SDK now defers to the Kerberos library configuration for hostname resolution. **Migration note**: If you experience new Kerberos authentication failures with proxy servers after upgrading, verify that your `krb5.conf` canonicalization settings (`rdns` and `dns_canonicalize_hostname`) are correctly configured for your environment.
+
 ### Security Vulnerabilities
 
 ### Documentation

databricks-sdk-java/src/main/java/com/databricks/sdk/core/utils/ProxyUtils.java

@@ -128,7 +128,10 @@ public Principal getUserPrincipal() {
         .setDefaultCredentialsProvider(credsProvider)
         .setDefaultAuthSchemeRegistry(
             RegistryBuilder.<AuthSchemeProvider>create()
-                .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true))
+                // Use SPNegoSchemeFactory with useCanonicalHostname=false to defer hostname
+                // canonicalization to the Kerberos library based on krb5.conf settings
+                // (rdns, dns_canonicalize_hostname) rather than forcing canonicalization.
+                .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, false))
                 .build());
   }