Temporarily disabling Kerberos

By /


,Sometimes you may need to temporarily disable Kerberos authentication and use NTLM instead, for example when you are trying to troubleshoot authentication issues with a server or network device. Here’s a quick tip on how you can force your XP machine to use NTLM instead of Kerberos when authenticating with the server or device: use the IP address of the server or device instead of its Service Principal Name (SPN). For example, you could map a network drive to \\ and this will force NTLM instead of Kerberos to be used when authenticating the connection. For more information on SPNs, see http://technet2.microsoft.com/windowsserver/en/library/0cb0ec27-fa3e-423c-9669-3ccef815a29f1033.mspx?mfr=true.


*** 


Mitch Tulloch is lead author for the Windows Vista Resource Kit from Microsoft Press, which is THE book for IT pros who want to deploy, maintain and support Windows Vista in mid- and large-sized network environments. Mitch is also the author of Introducing Windows Server 2008, the first book from Microsoft Press about the exciting new server platform. For more information on these and other books written by Mitch, see www.mtit.com.

About The Author

Mitch Tulloch is Senior Editor of both WServerNews and FitITproNews and is a widely recognized expert on Windows Server and cloud technologies. He has written more than a thousand articles and has authored or been series editor for over 50 books for Microsoft Press and other publishers. Mitch has also been a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award in the technical category of Cloud and Datacenter Management. He currently runs an IT content development business in Winnipeg, Canada.

Read Next

3 thoughts on “Temporarily disabling Kerberos”

  1. tex

    Dear Mitch,
    What are the consequences of deleting all Kerberos files and registry references?
    Will my internet connection still access the web?
    Will it affect access to web pages?
    Thanks

    Reply
  3. EmItee

    Strange answer from a guy with all them thar credits after his name ect. ……….. ad infinite …………..
    _____________________________________________

    Kerberos is the MIT windows spy op el supremo.
    (From a PDF FILE originating at MIT)
    13 November 1986
    https://web.mit.edu/Saltzer/www/publications/athenaplan/e.2.1.pdf

    Commands version 3.0–Kerberos Integration
    1. Integrate with Kerberos.
    2. vddb checks for write access to named rvddb before starting work. Doesn’t
    require authorization password when talking to a remote system.
    [ Doesn’t require authorization password when talking to a remote system. ]

    ……………. Kerberos Authentication and Authorization System 27 Oct 1988 Athena Technical Plan Section E.2.1, page 5 complete control of the user,
    [ page 5 complete control of the user, ]
    [ page 5 complete control of the user, ]
    [ page 5 complete control of the user, ]
    ……………. the user can attempt to masquerade as another user or even as ………………..

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top