Is it possible to authenticate Windows clients against MIT Kerberos (no AD)?

Jaap Winius jwinius at
Fri Apr 1 21:01:32 EDT 2011

Quoting Cosimo La Torre <latorrecosimo80 at>:

> I have been trying to configure a WinXP client to authenticate against MIT
> Kerberos V with no success (linux clients all work fine)...

Yes, of course it is. Just use the Kerberos client for Windows:

However, all this gets you is bare-bones Kerberos authentication; you  
still need to log in to Windows first. So, you might consider  
combining that with the pGina client...

... and the Kerberos plugin for it:

But, even if you get all that to work, your users will still need  
local accounts on all the Windows workstations before they can log in;  
local accounts are not created for them automatically, nor are they  
stored on the network.

If you don't like that idea, it seems that currently your only other  
options are either to buy a license for a M$ Windows server, or wait  
for Samba4:



More information about the Kerberos mailing list