Temporarily disabling Kerberos


,Sometimes you may need to temporarily disable Kerberos authentication and use NTLM instead, for example when you are trying to troubleshoot authentication issues with a server or network device. Here’s a quick tip on how you can force your XP machine to use NTLM instead of Kerberos when authenticating with the server or device: use the IP address of the server or device instead of its Service Principal Name (SPN). For example, you could map a network drive to \\ and this will force NTLM instead of Kerberos to be used when authenticating the connection. For more information on SPNs, see http://technet2.microsoft.com/windowsserver/en/library/0cb0ec27-fa3e-423c-9669-3ccef815a29f1033.mspx?mfr=true.


*** 


Mitch Tulloch is lead author for the Windows Vista Resource Kit from Microsoft Press, which is THE book for IT pros who want to deploy, maintain and support Windows Vista in mid- and large-sized network environments. Mitch is also the author of Introducing Windows Server 2008, the first book from Microsoft Press about the exciting new server platform. For more information on these and other books written by Mitch, see www.mtit.com.

3 thoughts on “Temporarily disabling Kerberos”

  1. Dear Mitch,
    What are the consequences of deleting all Kerberos files and registry references?
    Will my internet connection still access the web?
    Will it affect access to web pages?
    Thanks

  2. Strange answer from a guy with all them thar credits after his name ect. ……….. ad infinite …………..
    _____________________________________________

    Kerberos is the MIT windows spy op el supremo.
    (From a PDF FILE originating at MIT)
    13 November 1986
    https://web.mit.edu/Saltzer/www/publications/athenaplan/e.2.1.pdf

    Commands version 3.0–Kerberos Integration
    1. Integrate with Kerberos.
    2. vddb checks for write access to named rvddb before starting work. Doesn’t
    require authorization password when talking to a remote system.
    [ Doesn’t require authorization password when talking to a remote system. ]

    ……………. Kerberos Authentication and Authorization System 27 Oct 1988 Athena Technical Plan Section E.2.1, page 5 complete control of the user,
    [ page 5 complete control of the user, ]
    [ page 5 complete control of the user, ]
    [ page 5 complete control of the user, ]
    ……………. the user can attempt to masquerade as another user or even as ………………..

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top