Kerberos is the default authentication method for Server 2003 servers. It is an authentication protocol in which a trusted third party, an arbitrator, is relied upon to authenticate clients on a TCP/IP network. The protocol was designed so that encrypted tickets, rather than traditional plaintext passwords, are transmitted over the network, providing secure network authentication.
To enable more complex Kerberos logging (for testing/troubleshooting):

1. Start Registry Editor.
2. Add the following registry value: HKEY_LOCAL_MACHINE\SYSTEM\
   If the Parameters subkey does not exist, create it.
   Note: Remove this registry value when it is no longer needed so that performance is not degraded on the computer. Also, you can remove this registry value to disable Kerberos event logging on a specific computer.
3. Quit Registry Editor, and then restart the computer.
Note: Kerberos Realm is the domain you are in except in capital letters… I won’t make this mistake again!
Kerberos is time dependent because it uses the time as part of its encryption process to prevent replay attacks. The default time tolerance of Kerberos is 10 minutes. This can be changed in the domain's security policy.
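The following is an added example, not code from this post or from Windows: a simplified Python model of how a service uses the authenticator timestamp and a replay cache together, which is why clock drift beyond the tolerance breaks logons. The class and function names, the principals and the timestamps are constructed for illustration; the 10-minute tolerance is the figure given above.

```python
from datetime import datetime, timedelta, timezone

# Tolerance as stated in this post; it is configurable in domain policy.
DEFAULT_SKEW = timedelta(minutes=10)


class AuthenticatorChecker:
    """Simplified model of a service validating Kerberos authenticators."""

    def __init__(self, max_skew=DEFAULT_SKEW):
        self.max_skew = max_skew
        self._seen = {}  # (client, timestamp) -> last moment the entry matters

    def check(self, client, auth_time, server_now):
        """Return 'ok', 'skew' or 'replay' for one authenticator."""
        # Forget entries whose timestamp would now fail the skew test anyway.
        self._seen = {k: exp for k, exp in self._seen.items()
                      if exp >= server_now}

        # 1. The client's timestamp must be close to the server's clock.
        if abs(server_now - auth_time) > self.max_skew:
            return "skew"

        # 2. Inside the window, a given (client, timestamp) is accepted once.
        key = (client, auth_time)
        if key in self._seen:
            return "replay"
        self._seen[key] = auth_time + self.max_skew
        return "ok"


def demo():
    """Run constructed sample authenticators through the checker."""
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)  # constructed
    sec, mins = timedelta(seconds=1), timedelta(minutes=1)
    c = AuthenticatorChecker()
    return [
        c.check("alice@EXAMPLE.COM", t0, t0 + 5 * sec),    # fresh request
        c.check("alice@EXAMPLE.COM", t0, t0 + 30 * sec),   # same one resent
        c.check("alice@EXAMPLE.COM", t0, t0 + 11 * mins),  # resent after window
        c.check("bob@EXAMPLE.COM", t0 + 25 * mins, t0 + 11 * mins),  # clock 14 min fast
    ]


if __name__ == "__main__":
    print(demo())
```

The last case is the troubleshooting-relevant one: a legitimate client whose clock has drifted past the tolerance is rejected exactly like a stale captured message, so time synchronization is worth checking first when Kerberos logons fail.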
I have also found that Kerberos will require reverse lookup zones on your server to work in certain circumstances.
All about Kerberos: http://labmice.techtarget.com/security/kerberos.htm