Windows Kerberos Tools

Up to now, this chapter has presented Kerberos largely from a Linux perspective. Kerberos, though, is a cross-platform tool, and you can use it to help integrate Linux and Windows systems. You can use Windows in any of the main Kerberos roles (KDC, application server, or client).

Windows Kerberos Implementations

Broadly speaking, three approaches to Kerberos are possible under Windows:

Microsoft’s Kerberos implementation

Microsoft provides a Kerberos implementation as part of Windows 200x/XP (but not Windows XP Home). As described in Section 9.1.4, Microsoft’s Kerberos implementation deviates from others, which can make using it with a non-Microsoft KDC tricky. In the Section 9.5.3, some pointers for using Microsoft’s Kerberos clients with non-Microsoft KDCs are presented.

Conventional non-Microsoft Kerberos implementations

You can obtain non-Microsoft Kerberos implementations for Windows. For instance, a Windows binary version of MIT Kerberos ( is available for all versions of Windows since Windows 98. (Windows 95 and earlier are not supported.) This tool can be configured and used much like Linux versions of Kerberos. The main difference is that configuration file locations differ. Most importantly, instead of editing /etc/krb5.conf, you edit C:\WINDOWS\krb5.ini. (This file may reside in another directory if you installed Windows to a directory other than C:\WINDOWS.) This package also includes a GUI tool called Leash, which manages ...

Get Linux in a Windows World now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.