Win logon to a MIT Kerberos V KDC?

Douglas E. Engert deengert at
Thu Sep 26 14:24:15 EDT 2002

Turbo Fredriksson wrote:
> >>>>> "Turbo" == Turbo Fredriksson <turbo at> writes:
> >>>>> "Eric" == Eric Lee Steadle <esteadle at> writes:
>     Eric> Tell us more about your Windows client. Version, Service
>     Eric> Pack, etc. Does it participate in a domain? Have any
>     Eric> registry settings been adjusted? etc.
>     Turbo> Windows 2000 5.00.2195, Service Pack 3.
> Sorry. Only read the first part :)
> No domain, only a workgroup (originaly WORKGROUP, but that ended
> up being MYREALM.TLD after running 'ksetup.exe'). I've changed
> some registry settings. Kerberos logging, w32time entries etc.
> Not anything else that I can remember...

I am runing something similiar, with the W2K laptop not being part
of the domain but the workgroup KRB5.ANL.GOV. I can authenticate 
using either a principal in the KRB5.ANL.GOV realm (MIT KDC) or
the W2K domain of ANL.GOV The do cross realm, and the machine is
registered in the KRB5.ANL.GOV realm.

Check that under the System Properities->Network Identification->Proprities->More
the "Change primary DNS suffix when domain membership changes" is not checked.
On that previous screen the Full computer name is the hostname,
and the Workgroup name is the realm. So the principal of the host is
host/<Full computer name>@<Workgroup>

> ________________________________________________
> Kerberos mailing list           Kerberos at


 Douglas E. Engert  <DEEngert at>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444

More information about the Kerberos mailing list