Kerberos for Windows NT 4.0
Tim.Alsop at CyberSafe.Ltd.UK
Fri Jun 6 09:02:47 EDT 2003
We have a commercially available and supported KDC and Kerberos Client both of which run on NT as well as other platforms. The Windows NT Client software includes a GINA replacement which gets a Kerberos ticket for the user during login to the NT workstation. The authorization data which Microsoft's operating system requires to access operating system services will still be required so the GINA does a secondary login using NTLM to get this info from a domain controller - the same userid/password is used for the domain login and the password for the Kerberos principal and domain account are synchronized automatically.
Hopefully you can see that it is very difficult (perhaps impossible) to get rid of NTLM completely unless the login is using a Kerberos realm and the NT account used for workstation authorization purposes is a locally administered account on each workstation.
Let me know if you need any more info.
From: Aumy [mailto:aumy at gmx.net]
Sent: 06 June 2003 13:37
To: kerberos at mit.edu
Does anybody know if there is a Kerberos implementation for Windows NT?
We have some W2k/W2k3 Servers in our network as ADCs and File/Print-Servers.
Some clients are W2k/XP, but others still run under Win NT 4.0. Is there a
solution (commercial or not) which makes it possible to set up the whole
network Kerberos enabled to get rid of LM/NTLM/NTLMv2?
Help is highly appreciated! Thanks in advance...
Kerberos mailing list Kerberos at mit.edu
More information about the Kerberos