Up to now, this chapter has presented Kerberos largely from a Linux perspective. Kerberos, though, is a cross-platform tool, and you can use it to help integrate Linux and Windows systems. You can use Windows in any of the main Kerberos roles (KDC, application server, or client).
Broadly speaking, three approaches to Kerberos are possible under Windows:
Microsoft provides a Kerberos implementation as part of Windows 200x/XP (but not Windows XP Home). As described in Section 9.1.4, Microsoft’s Kerberos implementation deviates from others, which can make using it with a non-Microsoft KDC tricky. In the Section 9.5.3, some pointers for using Microsoft’s Kerberos clients with non-Microsoft KDCs are presented.
You can obtain non-Microsoft Kerberos implementations for Windows.
For instance, a Windows binary version of MIT Kerberos (http://web.mit.edu/kerberos/) is available
for all versions of Windows since Windows 98. (Windows 95 and earlier
are not supported.) This tool can be configured and used much like
Linux versions of Kerberos. The main difference is that configuration
file locations differ. Most importantly, instead of editing
/etc/krb5.conf, you edit
C:\WINDOWS\krb5.ini. (This file may reside in
another directory if you installed Windows to a directory other than
C:\WINDOWS.) This package also includes a GUI
tool called Leash, which manages ...