Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Ksetup.exe: Kerberos Setup
This command-line tool configures a client connected to a server running Windows Server 2003 to use a server running Kerberos V5. The client then uses a Kerberos V5 realm instead of a Windows Server 2003 domain. This provides a single sign-on to the Key Distribution Center (KDC) and a local client account connected to a computer running Windows Server 2003.
KSetup is part of a group of tools, including Ktpass Overview, that is used to configure Windows for Kerberos V5 interoperability.
Administrators can use KSetup to:
Set up a realm entry for a Kerberos V5 realm.
Set up a list of KDCs for that realm.
Set up a kpasswd server for that realm.
- Set up a list of KDCs for that realm.
Set up local account to Kerberos V5 account mappings. This is necessary to inform the operating system how to authorize a specific security principal. This links authorization data to an identity. Windows domains do not need this data because they get it through other means.
Set the computer's password in the Kerberos realm. A Kerberos realm (and Windows domain) tracks computers joined to them using a shared secret in the form of the computer's password. When joining a Kerberos realm, a host principal must be created. The password used by the realm to create the host key must be entered using this command so that Windows can decode host tickets presented to it.
Change a user's password in a Kerberos V5 realm.
There is no corresponding user interface for this tool.
Kerberos is an authentication system designed to enable two parties to exchange private information across an otherwise open network. It assigns a unique key, called a ticket, to each user who logs on to the network. The ticket is used to secure messages and identify the sender of the message.
The following are the system requirements for KSetup:
Windows Server 2003
User's membership in the Administrators or Server Operators group on the target computer. Also, both the user account and the server computer must be members of the same domain or reside within trusted domains.