Kerberos for Windows NT 4.0

Tim Alsop Tim.Alsop at CyberSafe.Ltd.UK
Fri Jun 6 09:02:47 EDT 2003


We have a commercially available and supported KDC and Kerberos Client both of which run on NT as well as other platforms. The Windows NT Client software includes a GINA replacement which gets a Kerberos ticket for the user during login to the NT workstation. The authorization data which Microsoft's operating system requires to access operating system services will still be required so the GINA does a secondary login using NTLM to get this info from a domain controller - the same userid/password is used for the domain login and the password for the Kerberos principal and domain account are synchronized automatically.

Hopefully you can see that it is very difficult (perhaps impossible) to get rid of NTLM completely unless the login is using a Kerberos realm and the NT account used for workstation authorization purposes is a locally administered account on each workstation.

Let me know if you need any more info.

Regards, Tim.

-----Original Message-----
From: Aumy [mailto:aumy at] 
Sent: 06 June 2003 13:37
To: kerberos at

Hello everybody
Does anybody know if there is a Kerberos implementation for Windows NT?

We have some W2k/W2k3 Servers in our network as ADCs and File/Print-Servers.
Some clients are W2k/XP, but others still run under Win NT 4.0. Is there a
solution (commercial or not) which makes it possible to set up the whole
network Kerberos enabled to get rid of LM/NTLM/NTLMv2?

Help is highly appreciated! Thanks in advance...

Kerberos mailing list           Kerberos at

More information about the Kerberos mailing list