Kerberos For Windows

Kerberos For Windows 3.2.x

Kerberos tickets can provide authentication to a number of services, such as CSAIL OIDC, SSH, AFS, SAPGui, and others.

Client Installer

As of this comment (10 Dec 2012) MIT has released MIT Kerberos for Windows 4.x. This release of Kerberos does not contain an AFS plugin, and therefore will not automatically obtain AFS tokens. We are currently not recommending the installation or use of MIT Kerberos for Windows 4 until proper AFS support.

Kerberos Installation Instructions:


The contents of this .zip file contains a custom CSAIL kfw-3-2-x.msi package, as well as custom CSAIL:

The custom .msi package is intended for CSAIL members wishing to install Network Identity Manager with the proper CSAIL environment and realm variables set. Running the .msi will install Kerberos for Windows (Network Identity Manager) as well as copying krb5.ini, krb.con, krbrealm.con to your c:\ (usually c:\windows) directory. If you have a previous version of KfW installed, it will not overwrite the existing copying krb5.ini, krb.con, krbrealm.con files.



-Start-Programs-Kerberos for Windows-Network Identity Manager

screen shot

screen shot 2

General tips:

MIT Kerberos and OpenAFS for Windows issues

When getting Kerberos tickets using MIT Kerberos Leash Manager you get error saying “Ticket Initialization failed. Clock skew too great”

This error is usually due to large difference between the time stamp stored in your kerberos ticket and the network servers on the internet. The difference can be as small as three minutes in order to cause trouble. You need to change your computer’s clock settings to reflect the actual time on the network time servers. Before changing the time shutdown all applications that require kerberos tickets. We also recommend to synchronize time to using Leash Manager.