Disable Pre-authentication

The Kerberos client pre-authenticates to the KDC (recommended) by default; however, you may need to disable pre-authentication if it isn't compatible with KDCs in your network.

During pre-authentication, the Kerberos client prompts the user for a password, and then using a key derived from the password, encrypts a timestamp, which it includes in its authentication request to the KDC. If the KDC can decrypt the timestamp with the user's key (derived from the same password using the same algorithm), it proves that the user knows the password.

To disable pre-authentication

  1. Start Kerberos Manager.

  2. From the Configuration menu, choose Configure Realms.

  3. From the Configuration tab, select a realm from the Realm list, and then click Properties.

  4. Click the Realm Defaults tab.

  5. From the Pre-Authentication box, select None, and then click OK.