Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
KSetup is used to change the computer settings for locating non-Microsoft Kerberos realms. In non-Microsoft Kerberos–based implementations, this information is usually kept in the Krb5.conf file. In Windows Server 2003 systems, it is kept in the registry. You can use this tool to modify these settings. These settings are used by workstations to locate non-Windows Kerberos realms and by domain controllers to locate non-Microsoft Kerberos realms for cross-realm trust relationships.
KSetup initializes registry keys that the Kerberos Security Provider uses to locate an non-Microsoft Kerberos Key Distribution Center (KDC) if the computer running a Windows Server 2003 operating system is not a member of a Windows domain. After configuration, the user of a computer running Windows XP Professional can log on to accounts in the Kerberos realm.
The Kerberos V5 authentication protocol is the default for network authentication on computers running Windows XP Professional. Computers running Windows XP Professional can participate in Kerberos realms that are not Windows Server 2003 domains. In this case, the KDC will not be on a domain controller running Windows Server 2003, so the DNS names for KDC servers must be stored in the registry of the client computer. The Kerberos Security Support Provider (SSP) looks in the registry for the DNS domain name of the user's realm, and then resolves the name to an IP address by querying a DNS server. Kerberos can use DNS to locate KDCs, using only the realm name but must be specially configured to do so.