RealmFlags
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\Realm-name
| Data type | Range | Default value |
|---|---|---|
REG_DWORD |
0–7 |
0 |
Specifies additional features of a non-Windows-based Kerberos realm.
Computers that are running Windows Server 2003 can use a non-Windows Kerberos server to administer authentication, instead of using a Windows Server 2003 domain. These systems participate in a Kerberos realm instead of a Windows domain. This entry establishes the features of the realm.
To enable a feature, set the bit representing the feature to 1, or sum the decimal or hexadecimal values representing each feature. For example, to enable all features, set the value of this entry to 7 (1 + 2 + 4).
| Value | Flag | Meaning |
|---|---|---|
0 |
None |
No additional features enabled. |
1 |
SendAddress |
Include IP numbers within tickets. Useful for solving some compatibility issues. |
2 |
TcpSupported |
Realm supports TCP rather than just UDP. |
4 |
Delegate |
Everyone in this realm is trusted for delegation. |
8 |
NcSupported |
Realm supports name canonicalization. |
This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.