disabling kerberos

Medha Kulkarni medha_kulkarni at persistent.co.in
Mon Sep 27 08:08:09 EDT 2004


Can anybody tell me, how to disable kerberos authentication on windows domain controller machines.

All the documents on microsoft site say that kerberos is the default authentication method on domain controller based machines.But there is no documentation available telling how to disable this authentication.

Is there any setting available on domain controller to disable it??

If the KDC service on domain controller is stopped, then does that mean kerberos is disabled?

Thanks in advance.
   From kwc at citi.umich.edu Mon Sep 27 09:39:19 2004
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
	by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id i8RDdJZZ008261
	for <kerberos at PCH.mit.edu>; Mon, 27 Sep 2004 09:39:19 -0400 (EDT)
Received: from citi.umich.edu (citi.umich.edu [])
	for <kerberos at mit.edu>; Mon, 27 Sep 2004 09:39:18 -0400 (EDT)
Received: from citi.umich.edu (rock.citi.umich.edu [])
	by citi.umich.edu (Postfix) with ESMTP
	id 6654E1BB02; Mon, 27 Sep 2004 09:39:17 -0400 (EDT)
X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4
To: Konstantinos Agouros <elwood at agouros.de>
In-Reply-To: Message from Konstantinos Agouros <elwood at agouros.de> 
   of "Sun, 26 Sep 2004 18:55:35 GMT." <1096224935.298627 at rumba.localnet> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 27 Sep 2004 09:39:17 -0400
From: Kevin Coffman <kwc at citi.umich.edu>
Message-Id: <20040927133917.6654E1BB02 at citi.umich.edu>
X-Scanned-By: MIMEDefang 2.42
cc: kerberos at mit.edu
cc: Kevin Coffman <kwc at citi.umich.edu>
Subject: Re: Two basic (and probably stupid) Kerb5 questions 
X-BeenThere: kerberos at mit.edu
X-Mailman-Version: 2.1
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Help: <mailto:kerberos-request at mit.edu?subject=help>
List-Post: <mailto:kerberos at mit.edu>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
	<mailto:kerberos-request at mit.edu?subject=subscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos>
List-Unsubscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
	<mailto:kerberos-request at mit.edu?subject=unsubscribe>
X-List-Received-Date: Mon, 27 Sep 2004 13:39:19 -0000

> Hi,
> I am just in the process of getting started with Kerberos (mainly
> for securing NFS) on Solaris.
> First question: I know I have to set up principals for each user
> (and host/service etc). What if I already have a established userbase.
> Is there an easy way get principals for every user? Or do I really
> have to do this by hand?

I think the answer is that you need to create principals "by hand"
unless you are migrating from some other Kerberos environment.
> Second question (more NFS related): Am I right that in order to
> access NFS mounted directories (or is it the mount-operation?) I
> need to have a ticket?  The background is, that the NFS in question
> is used for an application that uses NFS to share data. Since the
> applications start autmatically on boot there is klogin happening
> so they might probably be denied access. Is there a good way to
> solve this besides someone sitting at the reboot (and whenever the
> login expires) and entering the password to get new tickets?

The answer here is to have a keytab on the client machine with an
entry the application can use to authenticate itself.

More information about the Kerberos mailing list