Repackaging Kerberos for Windows 2.6.2

Jeffrey Altman jaltman at
Thu Jul 8 22:46:30 EDT 2004

KFW 2.6.4 is currently in beta.  I strongly recommend that you 
distribute the 2.6.4
binaries when they are finally released.

I do not know how you have constructed your .msi installer so I do not 
know what registry
settings if any you are setting.  What I can tell you is that KFW does 
not depend on any
registry settings being inserted into the registry for it to work 
(unless you are using the MSLSA
ccache and have 2000 SP4, XP SP2, or 2003.)  All of the potential 
registry settings you can
set are documented in the KFW release notes.

The MIT Kerberos team currently distributes an installer based on the 
NSIS open source
product.  This was chosen because it is scriptable and open source.  The 
sources are provided
as part of the SDK.  Creating an automated install mode (aka quiet 
installer in NSIS speak)
is left as an exercise to the reader.  If you add this functionality 
consider contributing to the
MIT Kerberos team.

Since we started shipping the NSIS installer, Microsoft has open sourced 
an installer tools
for constructing MSIs.  It is unclear whether we will ship and installer 
based on this technology
or not.
The one thing I do ask is that if you are going to construct installers 
please re-use the same
installation components and registry keys for version control that are 
used in the MIT KFW
installer.  Doing so will allow the publicly distributed installer to be 
used to upgrade the
version you are putting on your systems.

Jeffrey Altman

Angelo Torres wrote:

>I am attempting to deploy Kerberos for Windows 2.6.2 to several labs of
>Windows XP workstations (Just under 100 workstations total). I have tried
>to repackage KFW into an .msi but have had unsatisfactory results. We
>deployed this .msi to 28 machines and verified that they could log into
>our Kerberos Realm, however, within a day, 8 machines were unable to
>properly authenticate. By repairing the KFW .msi the issue was temporarily
>fixed, but we were in the situation of requiring an administrator to
>repair the KFW .msi on up to 10 computers at the start of each class. This
>scenario continued for 3 days until we finally decided to scrap the
>package and just install KFW manually (We had probably performed well over
>150 repair-installations for those 28 machines by that time). I should
>mention that performing a manual install using the same configuration
>options we selected during repackaging produces a KFW installation that
>works fine. After a week of observing the problem I suspect that the KFW
>installation somehow depends on the settings of the machine it was
>installed on and these settings are improperly carried over in the
>repackaging process.
>I wanted to ask if anyone is aware of a successful repackaging attempt of
>KFW (2.6.2 or 2.6.3)? Are there any common pitfalls to attempting a
>snapshot repackaging? What is the recommended method of deploying KFW? (I
>would prefer a .msi/.mst solution, but a .zap or batch file would be an
>improvement to a manual install of all our workstations)
>Angelo Torres
>krbdev mailing list             krbdev at

More information about the krbdev mailing list