

Kerberos General Information

Kerberos is the default authentication method for Server 2003 servers. It is an authentication protocol in which a trusted third party, an arbitrator, is relied upon to authenticate clients on a TCP/IP network. The protocol was designed so that encrypted tickets, rather than traditional plaintext passwords, are transmitted over the network, providing secure network authentication.

To enable more complex Kerberos logging (for testing/troubleshooting):

Start Registry Editor.

Add the following registry value:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters


Registry Value: LogLevel
Value Type: REG_DWORD
Value Data: 0x1

If the Parameters subkey does not exist, create it.

Note: Remove this registry value when it is no longer needed so that performance is not degraded on the computer. Removing this registry value is also how you disable Kerberos event logging on a specific computer.

Quit Registry Editor, and then restart the computer.
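
The same steps scripted in PowerShell, as an added example that is not from the original post. The function names are hypothetical, and the script assumes an elevated PowerShell prompt; the restart is still required afterwards.

```powershell
# Added example: manage the Kerberos LogLevel registry value described above.
# Function names are hypothetical; run from an elevated PowerShell session.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$ValueName = 'LogLevel'

function Get-KerberosLogLevel {
    # Returns the current LogLevel, or $null when the subkey or value is absent.
    if (-not (Test-Path -Path $KeyPath)) { return $null }
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

function Enable-KerberosLogging {
    # Create the Parameters subkey if it does not exist, then set LogLevel = 0x1.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    New-ItemProperty -Path $KeyPath -Name $ValueName `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

function Disable-KerberosLogging {
    # Remove the value once troubleshooting is finished, as the note above advises.
    if ($null -ne (Get-KerberosLogLevel)) {
        Remove-ItemProperty -Path $KeyPath -Name $ValueName
    }
}

# Usage: turn logging on, confirm the value, then restart the computer.
Enable-KerberosLogging
"LogLevel is now: $(Get-KerberosLogLevel)"
# When done: Disable-KerberosLogging
```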

Note: The Kerberos realm is the domain you are in, except in capital letters… I won’t make this mistake again!

Kerberos is time dependent because it uses the time as part of its encryption process to prevent replay attacks. The default time tolerance of Kerberos is 10 minutes. This can be changed in the domain's security policy.

I have also found that Kerberos will require reverse lookup zones on your server to work in certain circumstances.

All about Kerberos: http://labmice.techtarget.com/security/kerberos.htm


Profile: Frank has been programming for the web using PHP, Javascript and numerous libraries and frameworks for the past 5 years.

Posted in Web Development, Windows Server.
