Kerberos

Applies To: Windows Server 2008, Windows Server 2008 R2

Kerberos is an authentication mechanism used to verify the identity of a user or host. This page contains information about evaluating, developing, and troubleshooting Kerberos, the preferred authentication method for services in Windows Server 2008.

New Resources

  • Kerberos Authentication Overview for Windows Server® 2012 and Windows® 8 Release Preview.

  • Configure OCSP Stapling

    This support topic for the IT professional shows you how to configure OCSP stapling for Kerberos so that stapling does automatically occur.

  • Enabling Strict KDC Validation in Windows Kerberos

    This downloadable white paper provides procedural and troubleshooting documentation to enable strict KDC validation in Windows Kerberos and applies to Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Product Evaluation

  • What's New in Windows Server 2003 Kerberos Authentication

    This document describes the features in Kerberos authentication that were introduced in Windows Server 2003. You can use this document to compare the improvements in Windows Vista and Windows Server 2008.

  • Kerberos Enhancements in Windows Vista and Windows Server 2008

    This topic provides information about Kerberos enhancements in Windows Vista and Windows Server 2008, including the use of Advanced Encryption Standard (AES) encryption and usage scenarios with previous versions of Windows.

  • Changes in Kerberos Authentication in Windows 7 and Windows Server 2008 R2

    This product evaluation topic for the IT professional describes the cryptographic enhancements to Microsoft's implementation of Kerberos version 5 (v5) in Windows 7 and Windows Server 2008 R2.

  • What’s New in Kerberos Authentication for Windows Server® 2012

    This topic for the IT professional describes new capabilities and improvements to Windows implementation of the Kerberos authentication protocol in Windows Server® 2012 and Windows® 8 Release Preview.

Development

  • MSDN: Microsoft Kerberos

    This topic describes Microsoft's implementation of the Kerberos version 5 (v5) protocol and links to information about basic authentication concepts, Kerberos subprotocols, Kerberos components, and SSPI/Kerberos interoperability with GSSAPI.

Troubleshooting

  • TechNet Events and Errors Message Center: Advanced Search

    You can use the Advanced Search function of TechNet's Events and Errors Message Center to find detailed message explanations, recommended user actions, and links to additional support and resources for Kerberos authentication.

  • Troubleshooting Kerberos

    This guide provides troubleshooting information for Kerberos authentication in Windows 2000 and Windows Server 2003 domains. It is designed to help you identify and resolve problems that are related to the Kerberos v5 authentication protocol when these Windows versions are present in your environment.

  • Troubleshooting Kerberos Errors

    This white paper helps you troubleshoot Kerberos authentication problems by outlining troubleshooting basics, explaining the causes of common Kerberos errors, and summarizing common troubleshooting tools.

  • Troubleshooting Kerberos Delegation

    This white paper explains how to troubleshoot delegation issues that can arise in Kerberos authentication scenarios, summarizes required infrastructure, and describes Windows authentication scenarios when Windows versions earlier than Windows Server 2008 are present in your environment.

  • Kerberos Client

    This document contains event details, resolution steps, and verification steps for Kerberos client troubleshooting. Kerberos clients are applications acting on behalf of users who need access to a resource, such as opening a file, querying a database, or printing a document.

  • Kerberos Key Distribution Center

    This document contains event details, resolution steps, and verification steps for Kerberos Key Distribution Center (KDC) troubleshooting. The Kerberos KDC is a network service that supplies session tickets and temporary session keys to users and computers within an Active Directory domain.

Support

Additional Resources