Kerberos

Applies To: Windows Server 2008, Windows Server 2008 R2

Kerberos is an authentication mechanism used to verify the identity of a user or host. This page contains information about evaluating, developing, and troubleshooting Kerberos, the preferred authentication method for services in Windows Server 2008.

New Resources

• Kerberos Authentication Overview for Windows Server® 2012 and Windows® 8 Release Preview.

• Configure OCSP Stapling

  This support topic for the IT professional shows you how to configure OCSP stapling for Kerberos so that stapling does automatically occur.

• Enabling Strict KDC Validation in Windows Kerberos

  This downloadable white paper provides procedural and troubleshooting documentation to enable strict KDC validation in Windows Kerberos and applies to Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Product Evaluation

• What's New in Windows Server 2003 Kerberos Authentication

  This document describes the features in Kerberos authentication that were introduced in Windows Server 2003. You can use this document to compare the improvements in Windows Vista and Windows Server 2008.

• Kerberos Enhancements in Windows Vista and Windows Server 2008

  This topic provides information about Kerberos enhancements in Windows Vista and Windows Server 2008, including the use of Advanced Encryption Standard (AES) encryption and usage scenarios with previous versions of Windows.

• Changes in Kerberos Authentication in Windows 7 and Windows Server 2008 R2

  This product evaluation topic for the IT professional describes the cryptographic enhancements to Microsoft's implementation of Kerberos version 5 (v5) in Windows 7 and Windows Server 2008 R2.

• What’s New in Kerberos Authentication for Windows Server® 2012

  This topic for the IT professional describes new capabilities and improvements to Windows implementation of the Kerberos authentication protocol in Windows Server® 2012 and Windows® 8 Release Preview.

Development

• MSDN: Microsoft Kerberos

  This topic describes Microsoft's implementation of the Kerberos version 5 (v5) protocol and links to information about basic authentication concepts, Kerberos subprotocols, Kerberos components, and SSPI/Kerberos interoperability with GSSAPI.

Troubleshooting

• TechNet Events and Errors Message Center: Advanced Search

  You can use the Advanced Search function of TechNet's Events and Errors Message Center to find detailed message explanations, recommended user actions, and links to additional support and resources for Kerberos authentication.

• Troubleshooting Kerberos

  This guide provides troubleshooting information for Kerberos authentication in Windows 2000 and Windows Server 2003 domains. It is designed to help you identify and resolve problems that are related to the Kerberos v5 authentication protocol when these Windows versions are present in your environment.

• Troubleshooting Kerberos Errors

  This white paper helps you troubleshoot Kerberos authentication problems by outlining troubleshooting basics, explaining the causes of common Kerberos errors, and summarizing common troubleshooting tools.

• Troubleshooting Kerberos Delegation

  This white paper explains how to troubleshoot delegation issues that can arise in Kerberos authentication scenarios, summarizes required infrastructure, and describes Windows authentication scenarios when Windows versions earlier than Windows Server 2008 are present in your environment.

• Kerberos Client

  This document contains event details, resolution steps, and verification steps for Kerberos client troubleshooting. Kerberos clients are applications acting on behalf of users who need access to a resource, such as opening a file, querying a database, or printing a document.

• Kerberos Key Distribution Center

  This document contains event details, resolution steps, and verification steps for Kerberos Key Distribution Center (KDC) troubleshooting. The Kerberos KDC is a network service that supplies session tickets and temporary session keys to users and computers within an Active Directory domain.

Support

• Knowledge Base Search results for "Kerberos authentication"

• Configure OCSP Stapling

  This support topic for the IT professional shows you how to configure OCSP stapling for Kerberos so that stapling does automatically occur.

Additional Resources

• Kerberos Authentication in Windows Server 2003

  This contains information for evaluating, planning, and deploying Kerberos, particularly focusing on Windows Server 2003.